Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Quote List.scr.exe

Overview

General Information

Sample name:Quote List.scr.exe
Analysis ID:1522468
MD5:dc2bce43a2b3398e375fdb600650a576
SHA1:a6c6ccf9affa2095eb481950f036c00cd3c4e437
SHA256:509070cd30eb4cb05c29fe8cb222166c1c7db0f6084ea5b91e37bac79c14ac30
Tags:exeXenoRATuser-abuse_ch
Infos:

Detection

XenoRAT
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected XenoRAT
.NET source code contains potential unpacker
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Installs a global keyboard hook
Loading BitLocker PowerShell Module
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Script Execution From Temp Folder
Tries to harvest and steal browser information (history, passwords, etc)
Yara detected Costura Assembly Loader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara signature match

Classification

Process Tree

  • System is w10x64
  • Quote List.scr.exe (PID: 5372 cmdline: "C:\Users\user\Desktop\Quote List.scr.exe" MD5: DC2BCE43A2B3398E375FDB600650A576)
    • powershell.exe (PID: 5052 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 1900 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • Quote List.scr.exe (PID: 6548 cmdline: "C:\Users\user\Desktop\Quote List.scr.exe" MD5: DC2BCE43A2B3398E375FDB600650A576)
      • Quote List.scr.exe (PID: 7200 cmdline: "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe" MD5: DC2BCE43A2B3398E375FDB600650A576)
        • powershell.exe (PID: 7296 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
          • conhost.exe (PID: 7312 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • Quote List.scr.exe (PID: 7304 cmdline: "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe" MD5: DC2BCE43A2B3398E375FDB600650A576)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XenoRATNo Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xenorat

Malware Configuration

Threatname: XenoRAT

{"C2 url": "66.63.168.142", "Mutex Name": "Microsoft_nd8912d", "Install Folder": "temp"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.2060791178.000000000293C000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XenoRATYara detected XenoRATJoe Security
    00000006.00000002.2084770494.00000000027EE000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_XenoRATYara detected XenoRATJoe Security
      00000008.00000002.4498347900.0000000006870000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000008.00000002.4498347900.0000000006870000.00000004.08000000.00040000.00000000.sdmpQuasar_RAT_1Detects Quasar RATFlorian Roth
        • 0x368:$op1: 04 1E FE 02 04 16 FE 01 60
        • 0x28c:$op2: 00 17 03 1F 20 17 19 15 28
        • 0xce8:$op3: 00 04 03 69 91 1B 40
        • 0x1534:$op3: 00 04 03 69 91 1B 40
        00000004.00000002.2052739105.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_XenoRATYara detected XenoRATJoe Security
          Click to see the 7 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          6.2.Quote List.scr.exe.27ef9b8.0.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
            4.2.Quote List.scr.exe.400000.0.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
              0.2.Quote List.scr.exe.293d7e8.1.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
                0.2.Quote List.scr.exe.293d7e8.1.raw.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
                  0.2.Quote List.scr.exe.2948ec8.0.unpackJoeSecurity_XenoRATYara detected XenoRATJoe Security
                    Click to see the 7 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Quote List.scr.exe", ParentImage: C:\Users\user\Desktop\Quote List.scr.exe, ParentProcessId: 5372, ParentProcessName: Quote List.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", ProcessId: 5052, ProcessName: powershell.exe
                    Sigma detected: Suspicious Script Execution From Temp Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems), Max Altgelt (Nextron Systems), Tim Shelton: Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe" , ParentImage: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe, ParentProcessId: 7200, ParentProcessName: Quote List.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe", ProcessId: 7296, ProcessName: powershell.exe
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Quote List.scr.exe", ParentImage: C:\Users\user\Desktop\Quote List.scr.exe, ParentProcessId: 5372, ParentProcessName: Quote List.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", ProcessId: 5052, ProcessName: powershell.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\Quote List.scr.exe", ParentImage: C:\Users\user\Desktop\Quote List.scr.exe, ParentProcessId: 5372, ParentProcessName: Quote List.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe", ProcessId: 5052, ProcessName: powershell.exe

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-30T07:18:15.347332+020020501101Malware Command and Control Activity Detected66.63.168.1424782192.168.2.549723TCP
                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-09-30T07:17:58.594872+020020501111Malware Command and Control Activity Detected192.168.2.54971766.63.168.1424782TCP
                    2024-09-30T07:18:44.411111+020020501111Malware Command and Control Activity Detected192.168.2.54972366.63.168.1424782TCP
                    2024-09-30T07:20:02.796255+020020501111Malware Command and Control Activity Detected192.168.2.54971766.63.168.1424782TCP
                    2024-09-30T07:20:45.558491+020020501111Malware Command and Control Activity Detected192.168.2.54971766.63.168.1424782TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 0.2.Quote List.scr.exe.293d7e8.1.unpackMalware Configuration Extractor: XenoRAT {"C2 url": "66.63.168.142", "Mutex Name": "Microsoft_nd8912d", "Install Folder": "temp"}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeReversingLabs: Detection: 21%
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeVirustotal: Detection: 26%Perma Link
                    Multi AV Scanner detection for submitted file
                    Source: Quote List.scr.exeReversingLabs: Detection: 21%
                    AI detected suspicious sample
                    Source: Submited SampleIntegrated Neural Analysis Model: Matched 99.8% probability
                    Source: Quote List.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: Quote List.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Binary string: iepl.pdb source: Quote List.scr.exe, Quote List.scr.exe.4.dr
                    Source: Binary string: C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\KeyLoggerOffline\obj\Release\KeyLoggerOffline.pdbYpsp ep_CorDllMainmscoree.dll source: Quote List.scr.exe, 00000008.00000002.4495765492.0000000005750000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: costura.costura.pdb.compressed source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: $jq&costura.xeno rat client.pdb.compressed4'jq source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: iepl.pdbSHA256 source: Quote List.scr.exe, Quote List.scr.exe.4.dr
                    Source: Binary string: C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\KeyLoggerOffline\obj\Release\KeyLoggerOffline.pdb source: Quote List.scr.exe, 00000008.00000002.4495765492.0000000005750000.00000004.08000000.00040000.00000000.sdmp

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2050110 - Severity 1 - ET MALWARE [ANY.RUN] Xeno-RAT TCP Check-In : 66.63.168.142:4782 -> 192.168.2.5:49723
                    Source: Network trafficSuricata IDS: 2050111 - Severity 1 - ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive : 192.168.2.5:49717 -> 66.63.168.142:4782
                    Source: Network trafficSuricata IDS: 2050111 - Severity 1 - ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive : 192.168.2.5:49723 -> 66.63.168.142:4782
                    C2 URLs / IPs found in malware configuration
                    Source: Malware configuration extractorURLs: 66.63.168.142
                    Source: global trafficTCP traffic: 192.168.2.5:49709 -> 66.63.168.142:4782
                    Source: Joe Sandbox ViewASN Name: ASN-QUADRANET-GLOBALUS ASN-QUADRANET-GLOBALUS
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: unknownTCP traffic detected without corresponding DNS query: 66.63.168.142
                    Source: Quote List.scr.exe, Quote List.scr.exe.4.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: Quote List.scr.exe, Quote List.scr.exe.4.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: Quote List.scr.exe, Quote List.scr.exe.4.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: Quote List.scr.exe, 00000000.00000002.2060791178.00000000028EB000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000006.00000002.2084770494.000000000279B000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002C61000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: m3w51req.inw.8.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                    Source: m3w51req.inw.8.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                    Source: m3w51req.inw.8.drString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                    Source: m3w51req.inw.8.drString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                    Source: m3w51req.inw.8.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                    Source: m3w51req.inw.8.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                    Source: m3w51req.inw.8.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                    Source: Quote List.scr.exe, Quote List.scr.exe.4.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0
                    Source: m3w51req.inw.8.drString found in binary or memory: https://www.ecosia.org/newtab/
                    Source: m3w51req.inw.8.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Installs a global keyboard hook
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeWindows user hook set: 0 keyboard low level C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeJump to behavior

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 8.2.Quote List.scr.exe.6870000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects Quasar RAT Author: Florian Roth
                    Source: 00000008.00000002.4498347900.0000000006870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects Quasar RAT Author: Florian Roth
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess Stats: CPU usage > 49%
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0785E0E00_2_0785E0E0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07854D000_2_07854D00
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07854CF00_2_07854CF0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0785C4680_2_0785C468
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0785C4780_2_0785C478
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0785D0C90_2_0785D0C9
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0785E0D00_2_0785E0D0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0785E8380_2_0785E838
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B536D00_2_07B536D0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B545F90_2_07B545F9
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B500400_2_07B50040
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B50F170_2_07B50F17
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B536C00_2_07B536C0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B5C6380_2_07B5C638
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B5C6480_2_07B5C648
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B534B10_2_07B534B1
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B534C00_2_07B534C0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B553310_2_07B55331
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B553780_2_07B55378
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B5C2100_2_07B5C210
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B532600_2_07B53260
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B532500_2_07B53250
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B591B00_2_07B591B0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B530B00_2_07B530B0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B530C00_2_07B530C0
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B500060_2_07B50006
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B53EFB0_2_07B53EFB
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B53E500_2_07B53E50
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B51E500_2_07B51E50
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B51E400_2_07B51E40
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B53E400_2_07B53E40
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B54E400_2_07B54E40
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B5BDC80_2_07B5BDC8
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B51C500_2_07B51C50
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B51C400_2_07B51C40
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B5CA800_2_07B5CA80
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B52A200_2_07B52A20
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B52A110_2_07B52A11
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B5EA000_2_07B5EA00
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07B539180_2_07B53918
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0D8E2DF80_2_0D8E2DF8
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 4_2_01670B124_2_01670B12
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0702E0E06_2_0702E0E0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_07024D006_2_07024D00
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0702C4686_2_0702C468
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0702C4786_2_0702C478
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_07024CF06_2_07024CF0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0702E8386_2_0702E838
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0702D0C96_2_0702D0C9
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0702E0D06_2_0702E0D0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E36D06_2_071E36D0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E45F96_2_071E45F9
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E00406_2_071E0040
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E0F176_2_071E0F17
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071EC6386_2_071EC638
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071EC6486_2_071EC648
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E36C06_2_071E36C0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E34B16_2_071E34B1
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E34C06_2_071E34C0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E53316_2_071E5331
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E53786_2_071E5378
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071EC2106_2_071EC210
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E32506_2_071E3250
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E32606_2_071E3260
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E91B06_2_071E91B0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E00066_2_071E0006
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E30B06_2_071E30B0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E30C06_2_071E30C0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E3E506_2_071E3E50
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E1E506_2_071E1E50
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E1E406_2_071E1E40
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E3E406_2_071E3E40
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E4E406_2_071E4E40
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E3EFB6_2_071E3EFB
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071EBDC86_2_071EBDC8
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E1C506_2_071E1C50
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E1C406_2_071E1C40
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E2A116_2_071E2A11
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071EEA006_2_071EEA00
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E2A206_2_071E2A20
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071ECA806_2_071ECA80
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_071E39186_2_071E3918
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0D042DF86_2_0D042DF8
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_00E390488_2_00E39048
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_00E399188_2_00E39918
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_00E323218_2_00E32321
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_00E30B128_2_00E30B12
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_00E3DF528_2_00E3DF52
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_00E3EF308_2_00E3EF30
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_00E38D008_2_00E38D00
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_057665C88_2_057665C8
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_057665B88_2_057665B8
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_0576E8BC8_2_0576E8BC
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C4A7D08_2_05C4A7D0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C408288_2_05C40828
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C4B5188_2_05C4B518
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C491C88_2_05C491C8
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C47AF88_2_05C47AF8
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C462688_2_05C46268
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_069E87F08_2_069E87F0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_069E9BB88_2_069E9BB8
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_069E61D08_2_069E61D0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_069ED1D08_2_069ED1D0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_069E3F988_2_069E3F98
                    Source: Quote List.scr.exeStatic PE information: invalid certificate
                    Source: Quote List.scr.exe, 00000000.00000002.2070835241.0000000007050000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000000.00000002.2060791178.000000000293C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepdf_manager.exe8 vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000000.00000002.2060008293.0000000000BEE000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000000.00000000.2027008721.0000000000442000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameiepl.exe, vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000000.00000002.2062959144.0000000003F82000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000004.00000002.2052739105.000000000040E000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepdf_manager.exe8 vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000006.00000002.2083586338.000000000072E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000006.00000002.2085858304.000000000400F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000006.00000002.2085858304.0000000003FC2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000006.00000002.2084770494.00000000027EE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamepdf_manager.exe8 vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000008.00000002.4497435157.0000000006439000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000008.00000002.4499560428.00000000074E0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameBouncyCastle.Crypto.dllP vs Quote List.scr.exe
                    Source: Quote List.scr.exe, 00000008.00000002.4495765492.0000000005750000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameKeyLoggerOffline.dllB vs Quote List.scr.exe
                    Source: Quote List.scr.exeBinary or memory string: OriginalFilenameiepl.exe, vs Quote List.scr.exe
                    Source: Quote List.scr.exe.4.drBinary or memory string: OriginalFilenameiepl.exe, vs Quote List.scr.exe
                    Source: Quote List.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 8.2.Quote List.scr.exe.6870000.1.raw.unpack, type: UNPACKEDPEMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: 00000008.00000002.4498347900.0000000006870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Quasar_RAT_1 date = 2017-04-07, hash4 = f08db220df716de3d4f63f3007a03f902601b9b32099d6a882da87312f263f34, hash3 = 515c1a68995557035af11d818192f7866ef6a2018aa13112fefbe08395732e89, hash2 = 1ce40a89ef9d56fd32c00db729beecc17d54f4f7c27ff22f708a957cd3f9a4ec, hash1 = 0774d25e33ca2b1e2ee2fafe3fdbebecefbf1d4dd99e6460f0bc8713dd0fd740, author = Florian Roth, description = Detects Quasar RAT, reference = https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf, license = https://creativecommons.org/licenses/by-nc/4.0/
                    Source: Quote List.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Quote List.scr.exe.4.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 0.2.Quote List.scr.exe.2948ec8.0.raw.unpack, Encryption.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Quote List.scr.exe.293d7e8.1.raw.unpack, Encryption.csCryptographic APIs: 'CreateDecryptor'
                    Source: 6.2.Quote List.scr.exe.27fb098.1.raw.unpack, Encryption.csCryptographic APIs: 'CreateDecryptor'
                    Source: 6.2.Quote List.scr.exe.27ef9b8.0.raw.unpack, Encryption.csCryptographic APIs: 'CreateDecryptor'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, hC26RxYUjNAqPWbtXq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, hC26RxYUjNAqPWbtXq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 6.2.Quote List.scr.exe.27fb098.1.raw.unpack, Handler.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quote List.scr.exe.2948ec8.0.raw.unpack, Handler.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, hC26RxYUjNAqPWbtXq.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quote List.scr.exe.293d7e8.1.raw.unpack, Handler.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 6.2.Quote List.scr.exe.27ef9b8.0.raw.unpack, Handler.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: _0020.SetAccessControl
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, M44kKZXkZwVsM60at7.csSecurity API names: System.Security.AccessControl.FileSystemSecurity.AddAccessRule(System.Security.AccessControl.FileSystemAccessRule)
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@13/22@0/1
                    Source: C:\Users\user\Desktop\Quote List.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quote List.scr.exe.logJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMutant created: NULL
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1900:120:WilError_03
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMutant created: \Sessions\1\BaseNamedObjects\Microsoft_nd8912d-admin
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMutant created: \Sessions\1\BaseNamedObjects\aKYQDyHSi
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7312:120:WilError_03
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zw4qovnv.0io.ps1Jump to behavior
                    Source: Quote List.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: Quote List.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\Quote List.scr.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: Quote List.scr.exe, 00000008.00000002.4492030953.00000000030D5000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.00000000030C8000.00000004.00000800.00020000.00000000.sdmp, c0x15ytk.npd.8.dr, c5oaqdws.cs1.8.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                    Source: Quote List.scr.exeReversingLabs: Detection: 21%
                    Source: C:\Users\user\Desktop\Quote List.scr.exeFile read: C:\Users\user\Desktop\Quote List.scr.exeJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\Quote List.scr.exe "C:\Users\user\Desktop\Quote List.scr.exe"
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe"
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Users\user\Desktop\Quote List.scr.exe "C:\Users\user\Desktop\Quote List.scr.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess created: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Users\user\Desktop\Quote List.scr.exe "C:\Users\user\Desktop\Quote List.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess created: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: msvcp140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\Quote List.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: Quote List.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: Quote List.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: Quote List.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                    Source: Binary string: iepl.pdb source: Quote List.scr.exe, Quote List.scr.exe.4.dr
                    Source: Binary string: C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\KeyLoggerOffline\obj\Release\KeyLoggerOffline.pdbYpsp ep_CorDllMainmscoree.dll source: Quote List.scr.exe, 00000008.00000002.4495765492.0000000005750000.00000004.08000000.00040000.00000000.sdmp
                    Source: Binary string: costura.costura.pdb.compressed source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: $jq&costura.xeno rat client.pdb.compressed4'jq source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: iepl.pdbSHA256 source: Quote List.scr.exe, Quote List.scr.exe.4.dr
                    Source: Binary string: C:\Users\moom825\Desktop\xeno-rat\xeno-rat\Plugins\KeyLoggerOffline\obj\Release\KeyLoggerOffline.pdb source: Quote List.scr.exe, 00000008.00000002.4495765492.0000000005750000.00000004.08000000.00040000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains potential unpacker
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, M44kKZXkZwVsM60at7.cs.Net Code: iXxP4Pucet System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Quote List.scr.exe.7b10000.6.raw.unpack, MainForm.cs.Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Quote List.scr.exe.3751c20.2.raw.unpack, MainForm.cs.Net Code: _200E_200C_200B_202B_202E_200E_200E_202D_200B_206C_202C_202B_200B_200F_200E_206F_206C_202C_202D_200E_206E_206E_200C_206D_202C_200B_200E_202B_200B_206A_202E_206A_202E_206E_206E_206A_206C_206A_206F_202E_202E System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Quote List.scr.exe.2948ec8.0.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Quote List.scr.exe.2948ec8.0.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, M44kKZXkZwVsM60at7.cs.Net Code: iXxP4Pucet System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, M44kKZXkZwVsM60at7.cs.Net Code: iXxP4Pucet System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Quote List.scr.exe.293d7e8.1.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
                    Source: 0.2.Quote List.scr.exe.293d7e8.1.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler
                    Source: 6.2.Quote List.scr.exe.27fb098.1.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
                    Source: 6.2.Quote List.scr.exe.27fb098.1.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler
                    Source: 6.2.Quote List.scr.exe.27ef9b8.0.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler System.Reflection.Assembly.Load(byte[])
                    Source: 6.2.Quote List.scr.exe.27ef9b8.0.raw.unpack, DllHandler.cs.Net Code: DllNodeHandler
                    Source: 8.2.Quote List.scr.exe.6870000.1.raw.unpack, AssemblyLoader.cs.Net Code: ReadFromEmbeddedResources System.Reflection.Assembly.Load(byte[])
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 8.2.Quote List.scr.exe.6870000.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 8.2.Quote List.scr.exe.6870000.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000008.00000002.4498347900.0000000006870000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000008.00000002.4492030953.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 7304, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_00F70DFA pushfd ; iretd 0_2_00F70DF9
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_00F70DAF pushfd ; iretd 0_2_00F70DF9
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_00F70D62 pushfd ; iretd 0_2_00F70DF9
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07853E78 push eax; mov dword ptr [esp], ecx0_2_07853E7C
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07857080 pushad ; ret 0_2_07857081
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_07857082 push esp; ret 0_2_07857089
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0D8E05C8 push E8FFFFFEh; iretd 0_2_0D8E05CD
                    Source: C:\Users\user\Desktop\Quote List.scr.exeCode function: 0_2_0D8E1312 push 84070BCBh; retf 0_2_0D8E1319
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_07023E78 push eax; mov dword ptr [esp], ecx6_2_07023E7C
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_07027080 pushad ; ret 6_2_07027081
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0D0405C8 push E8FFFFFEh; iretd 6_2_0D0405CD
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 6_2_0D041312 push 8406D5CBh; retf 6_2_0D041319
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C40FB3 pushfd ; ret 8_2_05C40FB9
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C40EE3 push eax; ret 8_2_05C40EE9
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_05C475B0 push es; ret 8_2_05C475C0
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_069E0705 pushad ; retf 8_2_069E0729
                    Source: Quote List.scr.exeStatic PE information: section name: .text entropy: 7.611324168922041
                    Source: Quote List.scr.exe.4.drStatic PE information: section name: .text entropy: 7.611324168922041
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, BCfW00hquI4drcPhUw.csHigh entropy of concatenated method names: 'ryCq09npic', 'kiFqm1JiUP', 'zMfqvv1XA1', 'FlFqKmxiZB', 'BiRqX89ena', 'Cp8vQGBZyr', 'gkyvwI1dhF', 'IZhvZQM6oK', 'mEvvxRlUy9', 'TxkvJQ9opV'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, MmvHbmzYjio9BAe4A1.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mxMF28d1o5', 'IaJFAAsnWU', 'C4SFCZpesf', 'vaVFR8X8Qx', 'T4xFSivsSy', 'i55FFGUgJG', 'dHmFysQVjA'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, hC26RxYUjNAqPWbtXq.csHigh entropy of concatenated method names: 'm8KmB0lYxH', 'QgQmWZyoEc', 'mIymalgo25', 'YDBmdBL5Cb', 'oNwmQH1HlP', 'LlnmwfE14K', 'ojymZ5e74t', 'yy1mxcH7uP', 'u8vmJCSwG0', 'YkrmtRRcKU'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, BEwP9Y5uDtCy7Risup.csHigh entropy of concatenated method names: 'MnR4xwW3I', 'f7DHvtYlE', 'sw4MNRtXQ', 'XQu6gfERh', 'JBqbk8obC', 'i5dGxeWwy', 'nZiQj1nR26d72e7t4h', 'p8YrfLEqGPDlXUBqrs', 'CLVSJeGJ6', 'j3Ky98ECp'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, uGnN0BxZ2Ki4RZ1mgk.csHigh entropy of concatenated method names: 'o3nSn5erSS', 'QCgSmnGhkK', 'UiRS93QUB2', 'bmhSvwyshv', 'XVHSq6LN8i', 'gbFSKEQxr0', 'CCySXTopdO', 'k2KSN0WCLp', 'vHMSe93ZZ4', 'PDiSOWi4IX'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, uxWvjLaB5S5L5U11SW.csHigh entropy of concatenated method names: 'ToString', 'slSCVEhZ6b', 'dWMCfuCerf', 'MOQCEv4V0g', 'vIJCL3sLOT', 'UV8CpJVv9P', 'a2fC1cgV6x', 'cJ2CktnRxc', 'ouqCrmhc0i', 'ktZCsUNDLw'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, GaraT7GVp4B2XVGHtC.csHigh entropy of concatenated method names: 'iOHvgKqkfv', 'URLv6qhkl3', 'VMJ9EmiRQ6', 'kmG9LOO0d2', 'Lgq9psyFae', 'wiU91uv4ab', 'CD29kP326a', 'CMF9r08Fa9', 'EnI9s6gBys', 'XhX9jFnT8f'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, DX4cEsolyRsUMUGDirV.csHigh entropy of concatenated method names: 'wiBF3Vb3YP', 'oToFTgR0Rf', 'rKcF4WNZL8', 'hZQFHjyKcS', 'LpwFgZDas2', 'bg6FMtOtBy', 'BUiF6MUesN', 'aPDFYmdf8s', 'IaDFbJUv4d', 'H18FGjSRnj'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, aauewlkV5410Xauive.csHigh entropy of concatenated method names: 'pDhKnpU9ud', 'smhK9rsc1u', 'NTUKqrFi9f', 'BAPqteWqP0', 'c6AqzDO11G', 'OogKlmKldA', 'HYuKooO46A', 'VjXK5ZL66s', 'yneKDx5wxL', 'eu9KPdSv4W'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, rd84D8wujLteeJJVrA.csHigh entropy of concatenated method names: 'aelRxmNAaK', 'kZ5Rt0I3Rr', 'xCfSl9VVMw', 'FQeSo8gcZY', 'xwaRVuiUtG', 'AgBRiNgO3c', 'WbURUmUNhJ', 'udYRBpsYYu', 'OpmRWXhHv2', 'VYZRaiddou'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, sWhAK5oDjLw31NyCTdc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RORyBtb5y1', 'RbMyWdnqQS', 'CmkyaDgiwg', 'cj8ydssJg0', 'zQcyQ3JX21', 'FJDywWHDoD', 'nxIyZ4wQIm'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, YgNn5yPColpDsSyee1.csHigh entropy of concatenated method names: 'yrvoKC26Rx', 'QjNoXAqPWb', 'kseoeYdXn1', 'ImpoOohara', 'OGHoAtCMCf', 'R00oCquI4d', 'o9UYjNeDqEbjV5dt6o', 'X7Lylhd4QnN7QPBXpD', 'vEkooZXeVA', 'mYOoDKgSMw'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, qeRjJusKlXiMDxqAIL.csHigh entropy of concatenated method names: 'AfMK3keBN2', 'JSOKT38Va3', 'RBcK4eIVDh', 'VooKH1085D', 'xOYKgkYjJK', 'tAtKMOCkJC', 'RtRK6eX5DT', 'bb7KY23w6W', 'VDQKbgfaEd', 'Gb9KGMG4Yk'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, m8Df1XbseYdXn1Lmpo.csHigh entropy of concatenated method names: 'hr59HPiBsm', 'eN89MApKWl', 'EMI9YtNyff', 'Yc29bYyRXN', 'm4p9AGwBFY', 'DlL9Cbx6EW', 'AHe9RxeOI4', 'aqc9SpEGqs', 'pRe9FbxeHV', 'YBd9yhMaEB'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, sSPf2XtCj1ADgrgOa2.csHigh entropy of concatenated method names: 'omYFoyCLQp', 'lpDFDdYorL', 'MCAFPssy8e', 'SW9Fn8FHu2', 'hSbFmAIgWu', 'OC0FvJ7ApD', 'CUmFq3ri4U', 'N5QSZ2M1xJ', 'XGNSxbTTgD', 'SrFSJlNWd1'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, M44kKZXkZwVsM60at7.csHigh entropy of concatenated method names: 'F7eD0a58py', 'OOwDnqQBfL', 'Vx7DmSJaxo', 'sGBD9ri4eF', 'GXgDvMOu0V', 'oUKDqSf2FW', 'XwrDKX4RLB', 'MC6DXPqFZn', 'w5BDNApy1h', 'JTCDeDMeQ8'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, aGLNUNJQSQFJGTs0OW.csHigh entropy of concatenated method names: 'CjuShiFCN9', 'rmKSfMfgMh', 'PqxSEJ7EE6', 'wg4SLpwxPr', 'j3fSB4oxtb', 'sbBSp9TGbv', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, CJb8SAmHKUInw3xxbP.csHigh entropy of concatenated method names: 'Dispose', 'u6MoJwbj8L', 'sY25fckibC', 'wrbiirTZwg', 'ycGotnN0BZ', 'oKioz4RZ1m', 'ProcessDialogKey', 'Bkl5lGLNUN', 'USQ5oFJGTs', 'eOW55FSPf2'
                    Source: 0.2.Quote List.scr.exe.7050000.5.raw.unpack, pdRpjyU5XUnOYfgY7d.csHigh entropy of concatenated method names: 'MbS2YC6FJt', 'KVG2bHAHcr', 'Icj2h9Anyw', 'OrZ2fscNh1', 'AkO2LKijUJ', 'MXr2p6uEdg', 'xww2kbdbIH', 'rWt2rQb4OG', 'cRd2j6X5Sk', 'VHa2VUlTk5'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, BCfW00hquI4drcPhUw.csHigh entropy of concatenated method names: 'ryCq09npic', 'kiFqm1JiUP', 'zMfqvv1XA1', 'FlFqKmxiZB', 'BiRqX89ena', 'Cp8vQGBZyr', 'gkyvwI1dhF', 'IZhvZQM6oK', 'mEvvxRlUy9', 'TxkvJQ9opV'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, MmvHbmzYjio9BAe4A1.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mxMF28d1o5', 'IaJFAAsnWU', 'C4SFCZpesf', 'vaVFR8X8Qx', 'T4xFSivsSy', 'i55FFGUgJG', 'dHmFysQVjA'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, hC26RxYUjNAqPWbtXq.csHigh entropy of concatenated method names: 'm8KmB0lYxH', 'QgQmWZyoEc', 'mIymalgo25', 'YDBmdBL5Cb', 'oNwmQH1HlP', 'LlnmwfE14K', 'ojymZ5e74t', 'yy1mxcH7uP', 'u8vmJCSwG0', 'YkrmtRRcKU'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, BEwP9Y5uDtCy7Risup.csHigh entropy of concatenated method names: 'MnR4xwW3I', 'f7DHvtYlE', 'sw4MNRtXQ', 'XQu6gfERh', 'JBqbk8obC', 'i5dGxeWwy', 'nZiQj1nR26d72e7t4h', 'p8YrfLEqGPDlXUBqrs', 'CLVSJeGJ6', 'j3Ky98ECp'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, uGnN0BxZ2Ki4RZ1mgk.csHigh entropy of concatenated method names: 'o3nSn5erSS', 'QCgSmnGhkK', 'UiRS93QUB2', 'bmhSvwyshv', 'XVHSq6LN8i', 'gbFSKEQxr0', 'CCySXTopdO', 'k2KSN0WCLp', 'vHMSe93ZZ4', 'PDiSOWi4IX'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, uxWvjLaB5S5L5U11SW.csHigh entropy of concatenated method names: 'ToString', 'slSCVEhZ6b', 'dWMCfuCerf', 'MOQCEv4V0g', 'vIJCL3sLOT', 'UV8CpJVv9P', 'a2fC1cgV6x', 'cJ2CktnRxc', 'ouqCrmhc0i', 'ktZCsUNDLw'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, GaraT7GVp4B2XVGHtC.csHigh entropy of concatenated method names: 'iOHvgKqkfv', 'URLv6qhkl3', 'VMJ9EmiRQ6', 'kmG9LOO0d2', 'Lgq9psyFae', 'wiU91uv4ab', 'CD29kP326a', 'CMF9r08Fa9', 'EnI9s6gBys', 'XhX9jFnT8f'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, DX4cEsolyRsUMUGDirV.csHigh entropy of concatenated method names: 'wiBF3Vb3YP', 'oToFTgR0Rf', 'rKcF4WNZL8', 'hZQFHjyKcS', 'LpwFgZDas2', 'bg6FMtOtBy', 'BUiF6MUesN', 'aPDFYmdf8s', 'IaDFbJUv4d', 'H18FGjSRnj'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, aauewlkV5410Xauive.csHigh entropy of concatenated method names: 'pDhKnpU9ud', 'smhK9rsc1u', 'NTUKqrFi9f', 'BAPqteWqP0', 'c6AqzDO11G', 'OogKlmKldA', 'HYuKooO46A', 'VjXK5ZL66s', 'yneKDx5wxL', 'eu9KPdSv4W'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, rd84D8wujLteeJJVrA.csHigh entropy of concatenated method names: 'aelRxmNAaK', 'kZ5Rt0I3Rr', 'xCfSl9VVMw', 'FQeSo8gcZY', 'xwaRVuiUtG', 'AgBRiNgO3c', 'WbURUmUNhJ', 'udYRBpsYYu', 'OpmRWXhHv2', 'VYZRaiddou'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, sWhAK5oDjLw31NyCTdc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RORyBtb5y1', 'RbMyWdnqQS', 'CmkyaDgiwg', 'cj8ydssJg0', 'zQcyQ3JX21', 'FJDywWHDoD', 'nxIyZ4wQIm'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, YgNn5yPColpDsSyee1.csHigh entropy of concatenated method names: 'yrvoKC26Rx', 'QjNoXAqPWb', 'kseoeYdXn1', 'ImpoOohara', 'OGHoAtCMCf', 'R00oCquI4d', 'o9UYjNeDqEbjV5dt6o', 'X7Lylhd4QnN7QPBXpD', 'vEkooZXeVA', 'mYOoDKgSMw'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, qeRjJusKlXiMDxqAIL.csHigh entropy of concatenated method names: 'AfMK3keBN2', 'JSOKT38Va3', 'RBcK4eIVDh', 'VooKH1085D', 'xOYKgkYjJK', 'tAtKMOCkJC', 'RtRK6eX5DT', 'bb7KY23w6W', 'VDQKbgfaEd', 'Gb9KGMG4Yk'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, m8Df1XbseYdXn1Lmpo.csHigh entropy of concatenated method names: 'hr59HPiBsm', 'eN89MApKWl', 'EMI9YtNyff', 'Yc29bYyRXN', 'm4p9AGwBFY', 'DlL9Cbx6EW', 'AHe9RxeOI4', 'aqc9SpEGqs', 'pRe9FbxeHV', 'YBd9yhMaEB'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, sSPf2XtCj1ADgrgOa2.csHigh entropy of concatenated method names: 'omYFoyCLQp', 'lpDFDdYorL', 'MCAFPssy8e', 'SW9Fn8FHu2', 'hSbFmAIgWu', 'OC0FvJ7ApD', 'CUmFq3ri4U', 'N5QSZ2M1xJ', 'XGNSxbTTgD', 'SrFSJlNWd1'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, M44kKZXkZwVsM60at7.csHigh entropy of concatenated method names: 'F7eD0a58py', 'OOwDnqQBfL', 'Vx7DmSJaxo', 'sGBD9ri4eF', 'GXgDvMOu0V', 'oUKDqSf2FW', 'XwrDKX4RLB', 'MC6DXPqFZn', 'w5BDNApy1h', 'JTCDeDMeQ8'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, aGLNUNJQSQFJGTs0OW.csHigh entropy of concatenated method names: 'CjuShiFCN9', 'rmKSfMfgMh', 'PqxSEJ7EE6', 'wg4SLpwxPr', 'j3fSB4oxtb', 'sbBSp9TGbv', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, CJb8SAmHKUInw3xxbP.csHigh entropy of concatenated method names: 'Dispose', 'u6MoJwbj8L', 'sY25fckibC', 'wrbiirTZwg', 'ycGotnN0BZ', 'oKioz4RZ1m', 'ProcessDialogKey', 'Bkl5lGLNUN', 'USQ5oFJGTs', 'eOW55FSPf2'
                    Source: 0.2.Quote List.scr.exe.41126e0.3.raw.unpack, pdRpjyU5XUnOYfgY7d.csHigh entropy of concatenated method names: 'MbS2YC6FJt', 'KVG2bHAHcr', 'Icj2h9Anyw', 'OrZ2fscNh1', 'AkO2LKijUJ', 'MXr2p6uEdg', 'xww2kbdbIH', 'rWt2rQb4OG', 'cRd2j6X5Sk', 'VHa2VUlTk5'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, BCfW00hquI4drcPhUw.csHigh entropy of concatenated method names: 'ryCq09npic', 'kiFqm1JiUP', 'zMfqvv1XA1', 'FlFqKmxiZB', 'BiRqX89ena', 'Cp8vQGBZyr', 'gkyvwI1dhF', 'IZhvZQM6oK', 'mEvvxRlUy9', 'TxkvJQ9opV'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, MmvHbmzYjio9BAe4A1.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'mxMF28d1o5', 'IaJFAAsnWU', 'C4SFCZpesf', 'vaVFR8X8Qx', 'T4xFSivsSy', 'i55FFGUgJG', 'dHmFysQVjA'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, hC26RxYUjNAqPWbtXq.csHigh entropy of concatenated method names: 'm8KmB0lYxH', 'QgQmWZyoEc', 'mIymalgo25', 'YDBmdBL5Cb', 'oNwmQH1HlP', 'LlnmwfE14K', 'ojymZ5e74t', 'yy1mxcH7uP', 'u8vmJCSwG0', 'YkrmtRRcKU'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, BEwP9Y5uDtCy7Risup.csHigh entropy of concatenated method names: 'MnR4xwW3I', 'f7DHvtYlE', 'sw4MNRtXQ', 'XQu6gfERh', 'JBqbk8obC', 'i5dGxeWwy', 'nZiQj1nR26d72e7t4h', 'p8YrfLEqGPDlXUBqrs', 'CLVSJeGJ6', 'j3Ky98ECp'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, uGnN0BxZ2Ki4RZ1mgk.csHigh entropy of concatenated method names: 'o3nSn5erSS', 'QCgSmnGhkK', 'UiRS93QUB2', 'bmhSvwyshv', 'XVHSq6LN8i', 'gbFSKEQxr0', 'CCySXTopdO', 'k2KSN0WCLp', 'vHMSe93ZZ4', 'PDiSOWi4IX'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, uxWvjLaB5S5L5U11SW.csHigh entropy of concatenated method names: 'ToString', 'slSCVEhZ6b', 'dWMCfuCerf', 'MOQCEv4V0g', 'vIJCL3sLOT', 'UV8CpJVv9P', 'a2fC1cgV6x', 'cJ2CktnRxc', 'ouqCrmhc0i', 'ktZCsUNDLw'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, GaraT7GVp4B2XVGHtC.csHigh entropy of concatenated method names: 'iOHvgKqkfv', 'URLv6qhkl3', 'VMJ9EmiRQ6', 'kmG9LOO0d2', 'Lgq9psyFae', 'wiU91uv4ab', 'CD29kP326a', 'CMF9r08Fa9', 'EnI9s6gBys', 'XhX9jFnT8f'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, DX4cEsolyRsUMUGDirV.csHigh entropy of concatenated method names: 'wiBF3Vb3YP', 'oToFTgR0Rf', 'rKcF4WNZL8', 'hZQFHjyKcS', 'LpwFgZDas2', 'bg6FMtOtBy', 'BUiF6MUesN', 'aPDFYmdf8s', 'IaDFbJUv4d', 'H18FGjSRnj'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, aauewlkV5410Xauive.csHigh entropy of concatenated method names: 'pDhKnpU9ud', 'smhK9rsc1u', 'NTUKqrFi9f', 'BAPqteWqP0', 'c6AqzDO11G', 'OogKlmKldA', 'HYuKooO46A', 'VjXK5ZL66s', 'yneKDx5wxL', 'eu9KPdSv4W'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, rd84D8wujLteeJJVrA.csHigh entropy of concatenated method names: 'aelRxmNAaK', 'kZ5Rt0I3Rr', 'xCfSl9VVMw', 'FQeSo8gcZY', 'xwaRVuiUtG', 'AgBRiNgO3c', 'WbURUmUNhJ', 'udYRBpsYYu', 'OpmRWXhHv2', 'VYZRaiddou'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, sWhAK5oDjLw31NyCTdc.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'RORyBtb5y1', 'RbMyWdnqQS', 'CmkyaDgiwg', 'cj8ydssJg0', 'zQcyQ3JX21', 'FJDywWHDoD', 'nxIyZ4wQIm'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, YgNn5yPColpDsSyee1.csHigh entropy of concatenated method names: 'yrvoKC26Rx', 'QjNoXAqPWb', 'kseoeYdXn1', 'ImpoOohara', 'OGHoAtCMCf', 'R00oCquI4d', 'o9UYjNeDqEbjV5dt6o', 'X7Lylhd4QnN7QPBXpD', 'vEkooZXeVA', 'mYOoDKgSMw'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, qeRjJusKlXiMDxqAIL.csHigh entropy of concatenated method names: 'AfMK3keBN2', 'JSOKT38Va3', 'RBcK4eIVDh', 'VooKH1085D', 'xOYKgkYjJK', 'tAtKMOCkJC', 'RtRK6eX5DT', 'bb7KY23w6W', 'VDQKbgfaEd', 'Gb9KGMG4Yk'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, m8Df1XbseYdXn1Lmpo.csHigh entropy of concatenated method names: 'hr59HPiBsm', 'eN89MApKWl', 'EMI9YtNyff', 'Yc29bYyRXN', 'm4p9AGwBFY', 'DlL9Cbx6EW', 'AHe9RxeOI4', 'aqc9SpEGqs', 'pRe9FbxeHV', 'YBd9yhMaEB'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, sSPf2XtCj1ADgrgOa2.csHigh entropy of concatenated method names: 'omYFoyCLQp', 'lpDFDdYorL', 'MCAFPssy8e', 'SW9Fn8FHu2', 'hSbFmAIgWu', 'OC0FvJ7ApD', 'CUmFq3ri4U', 'N5QSZ2M1xJ', 'XGNSxbTTgD', 'SrFSJlNWd1'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, M44kKZXkZwVsM60at7.csHigh entropy of concatenated method names: 'F7eD0a58py', 'OOwDnqQBfL', 'Vx7DmSJaxo', 'sGBD9ri4eF', 'GXgDvMOu0V', 'oUKDqSf2FW', 'XwrDKX4RLB', 'MC6DXPqFZn', 'w5BDNApy1h', 'JTCDeDMeQ8'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, aGLNUNJQSQFJGTs0OW.csHigh entropy of concatenated method names: 'CjuShiFCN9', 'rmKSfMfgMh', 'PqxSEJ7EE6', 'wg4SLpwxPr', 'j3fSB4oxtb', 'sbBSp9TGbv', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, CJb8SAmHKUInw3xxbP.csHigh entropy of concatenated method names: 'Dispose', 'u6MoJwbj8L', 'sY25fckibC', 'wrbiirTZwg', 'ycGotnN0BZ', 'oKioz4RZ1m', 'ProcessDialogKey', 'Bkl5lGLNUN', 'USQ5oFJGTs', 'eOW55FSPf2'
                    Source: 0.2.Quote List.scr.exe.40c56c0.4.raw.unpack, pdRpjyU5XUnOYfgY7d.csHigh entropy of concatenated method names: 'MbS2YC6FJt', 'KVG2bHAHcr', 'Icj2h9Anyw', 'OrZ2fscNh1', 'AkO2LKijUJ', 'MXr2p6uEdg', 'xww2kbdbIH', 'rWt2rQb4OG', 'cRd2j6X5Sk', 'VHa2VUlTk5'
                    Source: C:\Users\user\Desktop\Quote List.scr.exeFile created: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeJump to dropped file

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 5372, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 7200, type: MEMORYSTR
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: F70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 2720000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 4720000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 7CA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 8CA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 8E70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 9E70000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: A210000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: B210000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: C210000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 1630000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 3060000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: 2E60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 23A0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 25D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 2420000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 7520000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 8520000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 86D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 96D0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 9A30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: AA30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: BA30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: E30000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 2C60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory allocated: 4C60000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5907Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2219Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 6034Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 799Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeWindow / User API: threadDelayed 4106Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeWindow / User API: threadDelayed 5734Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exe TID: 2672Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7256Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7216Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exe TID: 6128Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe TID: 7232Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7440Thread sleep count: 6034 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7424Thread sleep count: 799 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7476Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7460Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe TID: 7380Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe TID: 7392Thread sleep count: 4106 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe TID: 7416Thread sleep count: 5734 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: szy1nek2.2qr.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                    Source: szy1nek2.2qr.8.drBinary or memory string: discord.comVMware20,11696428655f
                    Source: szy1nek2.2qr.8.drBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                    Source: szy1nek2.2qr.8.drBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: global block list test formVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                    Source: Quote List.scr.exe, 00000000.00000002.2060080059.0000000000C21000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
                    Source: szy1nek2.2qr.8.drBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                    Source: szy1nek2.2qr.8.drBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                    Source: szy1nek2.2qr.8.drBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                    Source: Quote List.scr.exe, 00000004.00000002.2053003357.0000000001316000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y\
                    Source: szy1nek2.2qr.8.drBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                    Source: Quote List.scr.exe, 00000008.00000002.4491025861.0000000000E75000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlla
                    Source: szy1nek2.2qr.8.drBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                    Source: szy1nek2.2qr.8.drBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                    Source: szy1nek2.2qr.8.drBinary or memory string: outlook.office365.comVMware20,11696428655t
                    Source: szy1nek2.2qr.8.drBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                    Source: szy1nek2.2qr.8.drBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: outlook.office.comVMware20,11696428655s
                    Source: szy1nek2.2qr.8.drBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                    Source: szy1nek2.2qr.8.drBinary or memory string: ms.portal.azure.comVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: AMC password management pageVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: tasks.office.comVMware20,11696428655o
                    Source: Quote List.scr.exe, 00000004.00000002.2053003357.000000000134D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}^^1
                    Source: szy1nek2.2qr.8.drBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                    Source: szy1nek2.2qr.8.drBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                    Source: szy1nek2.2qr.8.drBinary or memory string: interactivebrokers.comVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: dev.azure.comVMware20,11696428655j
                    Source: szy1nek2.2qr.8.drBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                    Source: szy1nek2.2qr.8.drBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                    Source: szy1nek2.2qr.8.drBinary or memory string: bankofamerica.comVMware20,11696428655x
                    Source: szy1nek2.2qr.8.drBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                    Source: szy1nek2.2qr.8.drBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeCode function: 8_2_00E3EF30 LdrInitializeThunk,8_2_00E3EF30
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe"
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\Quote List.scr.exeMemory written: C:\Users\user\Desktop\Quote List.scr.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeMemory written: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Users\user\Desktop\Quote List.scr.exe "C:\Users\user\Desktop\Quote List.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeProcess created: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe" Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeProcess created: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"Jump to behavior
                    Source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002C9E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
                    Source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002F19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: explorer - Prog@\jq explorer - Program Manager
                    Source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002EF5000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002F19000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: explorer - Program Manager
                    Source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002DFD000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: explorer - Program ManagerP
                    Source: Quote List.scr.exe, 00000008.00000002.4492030953.0000000002EBB000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002D5D000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002C9E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerlBjq
                    Source: C:\Users\user\Desktop\Quote List.scr.exeQueries volume information: C:\Users\user\Desktop\Quote List.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeQueries volume information: C:\Users\user\Desktop\Quote List.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\Quote List.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntivirusProduct

                    Stealing of Sensitive Information

                    barindex
                    Yara detected XenoRAT
                    Source: Yara matchFile source: 6.2.Quote List.scr.exe.27ef9b8.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.Quote List.scr.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quote List.scr.exe.293d7e8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quote List.scr.exe.293d7e8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quote List.scr.exe.2948ec8.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.Quote List.scr.exe.27fb098.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quote List.scr.exe.2948ec8.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.Quote List.scr.exe.27ef9b8.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.Quote List.scr.exe.27fb098.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2060791178.000000000293C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2084770494.00000000027EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2052739105.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 5372, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 6548, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 7200, type: MEMORYSTR
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior

                    Remote Access Functionality

                    barindex
                    Yara detected XenoRAT
                    Source: Yara matchFile source: 6.2.Quote List.scr.exe.27ef9b8.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 4.2.Quote List.scr.exe.400000.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quote List.scr.exe.293d7e8.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quote List.scr.exe.293d7e8.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quote List.scr.exe.2948ec8.0.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.Quote List.scr.exe.27fb098.1.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 0.2.Quote List.scr.exe.2948ec8.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.Quote List.scr.exe.27ef9b8.0.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 6.2.Quote List.scr.exe.27fb098.1.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000000.00000002.2060791178.000000000293C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000006.00000002.2084770494.00000000027EE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000004.00000002.2052739105.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 5372, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 6548, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: Quote List.scr.exe PID: 7200, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		112
                    Process Injection                    		1
                    Masquerading                    		1
                    OS Credential Dumping                    		111
                    Security Software Discovery                    		Remote Services11
                    Input Capture                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                    DLL Side-Loading                    		11
                    Disable or Modify Tools                    		11
                    Input Capture                    		2
                    Process Discovery                    		Remote Desktop Protocol11
                    Archive Collected Data                    		1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
                    Virtualization/Sandbox Evasion                    		Security Account Manager31
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin Shares1
                    Data from Local System                    		1
                    Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook112
                    Process Injection                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput CaptureProtocol ImpersonationTraffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    Deobfuscate/Decode Files or Information                    		LSA Secrets1
                    File and Directory Discovery                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                    Obfuscated Files or Information                    		Cached Domain Credentials13
                    System Information Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items12
                    Software Packing                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    DLL Side-Loading                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 signatures2 2 Behavior Graph ID: 1522468 Sample: Quote List.scr.exe Startdate: 30/09/2024 Architecture: WINDOWS Score: 100 42 Suricata IDS alerts for network traffic 2->42 44 Found malware configuration 2->44 46 Malicious sample detected (through community Yara rule) 2->46 48 11 other signatures 2->48 9 Quote List.scr.exe 4 2->9         started        process3 file4 32 C:\Users\user\...\Quote List.scr.exe.log, CSV 9->32 dropped 60 Adds a directory exclusion to Windows Defender 9->60 62 Injects a PE file into a foreign processes 9->62 13 Quote List.scr.exe 4 9->13         started        16 powershell.exe 23 9->16         started        signatures5 process6 file7 34 C:\Users\user\AppData\...\Quote List.scr.exe, PE32 13->34 dropped 36 C:\...\Quote List.scr.exe:Zone.Identifier, ASCII 13->36 dropped 19 Quote List.scr.exe 3 13->19         started        40 Loading BitLocker PowerShell Module 16->40 22 conhost.exe 16->22         started        signatures8 process9 signatures10 50 Adds a directory exclusion to Windows Defender 19->50 52 Injects a PE file into a foreign processes 19->52 24 Quote List.scr.exe 14 19->24         started        28 powershell.exe 23 19->28         started        process11 dnsIp12 38 66.63.168.142, 4782, 49709, 49717 ASN-QUADRANET-GLOBALUS United States 24->38 54 Tries to harvest and steal browser information (history, passwords, etc) 24->54 56 Installs a global keyboard hook 24->56 58 Loading BitLocker PowerShell Module 28->58 30 conhost.exe 28->30         started        signatures13 process14

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    Quote List.scr.exe21%ReversingLabsWin32.Trojan.CrypterX

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe21%ReversingLabsWin32.Trojan.CrypterX
                    C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe26%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    https://ac.ecosia.org/autocomplete?q=0%URL Reputationsafe
                    https://duckduckgo.com/chrome_newtab0%URL Reputationsafe
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=0%URL Reputationsafe
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=0%URL Reputationsafe
                    https://duckduckgo.com/ac/?q=0%URL Reputationsafe
                    https://www.ecosia.org/newtab/0%URL Reputationsafe
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=0%URL Reputationsafe
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search0%URL Reputationsafe
                    66.63.168.1422%VirustotalBrowse
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/00%VirustotalBrowse
                    https://www.google.com/images/branding/product/ico/googleg_lodp.ico0%VirustotalBrowse

                    Domains and IPs

                    Contacted Domains

                    No contacted domains info

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    66.63.168.142trueunknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://ac.ecosia.org/autocomplete?q=m3w51req.inw.8.drfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    https://duckduckgo.com/chrome_newtabm3w51req.inw.8.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=m3w51req.inw.8.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=m3w51req.inw.8.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://duckduckgo.com/ac/?q=m3w51req.inw.8.drfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.google.com/images/branding/product/ico/googleg_lodp.icom3w51req.inw.8.drfalseunknown
                    https://www.ecosia.org/newtab/m3w51req.inw.8.drfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameQuote List.scr.exe, 00000000.00000002.2060791178.00000000028EB000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000006.00000002.2084770494.000000000279B000.00000004.00000800.00020000.00000000.sdmp, Quote List.scr.exe, 00000008.00000002.4492030953.0000000002C61000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/0Quote List.scr.exe, Quote List.scr.exe.4.drfalseunknown
                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=m3w51req.inw.8.drfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchm3w51req.inw.8.drfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    66.63.168.142
                    		unknownUnited States
                    		8100ASN-QUADRANET-GLOBALUStrue

                    General Information

                    Joe Sandbox version:41.0.0 Charoite
                    Analysis ID:1522468
                    Start date and time:2024-09-30 07:16:06 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 8m 45s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                    Number of analysed new started processes analysed:12
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:Quote List.scr.exe
                    Detection:MAL
                    Classification:mal100.troj.spyw.evad.winEXE@13/22@0/1
                    EGA Information:
                    • Successful, ratio: 75%
                    HCA Information:
                    • Successful, ratio: 99%
                    • Number of executed functions: 365
                    • Number of non-executed functions: 36
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240000 for current running targets taking high CPU consumption

                    Warnings

                    • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                    • Execution Graph export aborted for target Quote List.scr.exe, PID 6548 because it is empty
                    • Not all processes where analyzed, report is missing behavior information
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtCreateKey calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    01:16:56API Interceptor10306262x Sleep call for process: Quote List.scr.exe modified
                    01:16:58API Interceptor21x Sleep call for process: powershell.exe modified

                    Joe Sandbox View / Context

                    IPs

                    No context

                    Domains

                    No context

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    ASN-QUADRANET-GLOBALUS58ADE05412907F657812BDA267C43288EA79418091.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • 66.63.187.123
                    New Order.docGet hashmaliciousSnake KeyloggerBrowse
                    • 66.63.187.123
                    http://telegram.beethovenstore.com/Get hashmaliciousUnknownBrowse
                    • 104.247.162.201
                    https://83153.cc/Get hashmaliciousUnknownBrowse
                    • 27.0.235.36
                    0225139776.docx.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • 66.63.187.123
                    http://bet938r.com/Get hashmaliciousUnknownBrowse
                    • 27.0.235.160
                    https://bet958v.com/Get hashmaliciousUnknownBrowse
                    • 27.0.235.160
                    Faktura 5643734_10.docGet hashmaliciousUnknownBrowse
                    • 66.63.187.123
                    Payment Details.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • 66.63.187.123
                    Thyssenkrupp PO040232.docGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                    • 66.63.187.123

                    JA3 Fingerprints

                    No context

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Quote List.scr.exe.log

                    Download File
                    Process:C:\Users\user\Desktop\Quote List.scr.exe
                    File Type:CSV text
                    Category:dropped
                    Size (bytes):1968
                    Entropy (8bit):5.345338934370444
                    Encrypted:false
                    SSDEEP:48:MxHKlYHKh3ouHgJHreylEHMHKo/tHo6hAHKzeRHKx1qHxvj:iqlYqh3ou0aymsqwtI6eqzqqxwRb
                    MD5:A6AE821E85EB04F10E67C9D65E129C47
                    SHA1:8B3295F40A2F7DCA294DE5502CFE6A751239DB2C
                    SHA-256:BD5DE47C737626F6A162CDFE9476DE310476B56FAF917092DF2D9CD4059A6A41
                    SHA-512:22E2404E8D989DC1F58B209B48A2BD0AFFA0E19B09100C3FD8417A8A23EBA109A36AF7031CAE33F8FF5BD798F01F81ACA129D90801B34A9607C2D62A63C643DD
                    Malicious:true
                    Reputation:moderate, very likely benign file
                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"WindowsBase, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\4d760e3e4675c4a4c66b64205fb0d001\WindowsBase.ni.dll",0..3,"PresentationCore, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\17470ef0c7a174f38bdcadacc3e310ad\PresentationCore.ni.dll",0..3,"PresentationFramework, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35","C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\

                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:data
                    Category:dropped
                    Size (bytes):1172
                    Entropy (8bit):5.357042452875322
                    Encrypted:false
                    SSDEEP:24:3CytZWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:yyjWSU4y4RQmFoUeWmfmZ9tK8NDE
                    MD5:475D428E7231D005EEA5DB556DBED03F
                    SHA1:3D603ED4280E0017D1BEB124D68183F8283B5C22
                    SHA-256:1314488A930843A7E1A003F2E7C1D883DB44ADEC26AC1CA096FE8DC1B4B180F5
                    SHA-512:7181BDCE6DA8DA8AFD3A973BB2B0BA470468EFF32FFB338DB2662FEFA1A7848ACD87C319706B95401EA18DC873CA098DC722EA6F8B2FD04F1AABD2AEBEA97CF9
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:@...e.................................^..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                    C:\Users\user\AppData\Local\Temp\0ckz32p0.vg5

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                    Category:dropped
                    Size (bytes):20480
                    Entropy (8bit):0.6732424250451717
                    Encrypted:false
                    SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                    MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                    SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                    SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                    SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                    Malicious:false
                    Reputation:high, very likely benign file
                    Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe

                    Download File
                    Process:C:\Users\user\Desktop\Quote List.scr.exe
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):583176
                    Entropy (8bit):7.59853529834581
                    Encrypted:false
                    SSDEEP:12288:8NUxwjxPMBCqh/pe8hkbikWQYXLEtYt+tyKsI3TBB9kR:8NUxh//Q8hkz1wL1+tlBBg
                    MD5:DC2BCE43A2B3398E375FDB600650A576
                    SHA1:A6C6CCF9AFFA2095EB481950F036C00CD3C4E437
                    SHA-256:509070CD30EB4CB05C29FE8CB222166C1C7DB0F6084EA5B91E37BAC79C14AC30
                    SHA-512:E8591426A0D5C71CBFF9BA465742A2D989CFFC03B986D46961E5098D72B62DF917130251D7860A2B1C622D966F94A2272EEEAF037AF5F535842BF5177EB2CBA0
                    Malicious:true
                    Antivirus:
                    • Antivirus: ReversingLabs, Detection: 21%
                    • Antivirus: Virustotal, Detection: 26%, Browse
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$.f..............0..x...0........... ........@.. ....................................@.................................M...O.......t$...............6...........~..T............................................ ............... ..H............text....r... ...x.................. ..`.rsrc...t$.......(..................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe:Zone.Identifier

                    Download File
                    Process:C:\Users\user\Desktop\Quote List.scr.exe
                    File Type:ASCII text, with CRLF line terminators
                    Category:modified
                    Size (bytes):26
                    Entropy (8bit):3.95006375643621
                    Encrypted:false
                    SSDEEP:3:ggPYV:rPYV
                    MD5:187F488E27DB4AF347237FE461A079AD
                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                    Malicious:true
                    Preview:[ZoneTransfer]....ZoneId=0

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5ioiwjby.ake.psm1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bwqyhjhe.u2s.ps1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hbeov3or.p1k.psm1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_hhbopwi4.atn.psm1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lm1ge354.lvx.ps1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_pyxud3lx.p3m.ps1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tgun5iiv.pbv.psm1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zw4qovnv.0io.ps1

                    Download File
                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    File Type:ASCII text, with no line terminators
                    Category:dropped
                    Size (bytes):60
                    Entropy (8bit):4.038920595031593
                    Encrypted:false
                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                    Malicious:false
                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                    C:\Users\user\AppData\Local\Temp\c0x15ytk.npd

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):51200
                    Entropy (8bit):0.8746135976761988
                    Encrypted:false
                    SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                    MD5:9E68EA772705B5EC0C83C2A97BB26324
                    SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                    SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                    SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\c5oaqdws.cs1

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):40960
                    Entropy (8bit):0.8553638852307782
                    Encrypted:false
                    SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                    MD5:28222628A3465C5F0D4B28F70F97F482
                    SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                    SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                    SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\fsiukqpv.3qa

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):159744
                    Entropy (8bit):0.5394293526345721
                    Encrypted:false
                    SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                    MD5:52701A76A821CDDBC23FB25C3FCA4968
                    SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                    SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                    SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                    Malicious:false
                    Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\k0d4rjsb.fq1

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):159744
                    Entropy (8bit):0.5394293526345721
                    Encrypted:false
                    SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                    MD5:52701A76A821CDDBC23FB25C3FCA4968
                    SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                    SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                    SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                    Malicious:false
                    Preview:SQLite format 3......@ .......'........... ......................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\m3w51req.inw

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                    Category:dropped
                    Size (bytes):106496
                    Entropy (8bit):1.136413900497188
                    Encrypted:false
                    SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                    MD5:429F49156428FD53EB06FC82088FD324
                    SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                    SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                    SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                    Malicious:false
                    Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\nsajgeyy.fvp

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                    Category:dropped
                    Size (bytes):20480
                    Entropy (8bit):0.8439810553697228
                    Encrypted:false
                    SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                    MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                    SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                    SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                    SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                    Malicious:false
                    Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\s15sst01.ncp

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                    Category:modified
                    Size (bytes):155648
                    Entropy (8bit):0.5407252242845243
                    Encrypted:false
                    SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                    MD5:7B955D976803304F2C0505431A0CF1CF
                    SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                    SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                    SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                    Malicious:false
                    Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\szy1nek2.2qr

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                    Category:dropped
                    Size (bytes):196608
                    Entropy (8bit):1.121297215059106
                    Encrypted:false
                    SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                    MD5:D87270D0039ED3A5A72E7082EA71E305
                    SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                    SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                    SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                    Malicious:false
                    Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\xh1c3rgj.evp

                    Download File
                    Process:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                    Category:dropped
                    Size (bytes):155648
                    Entropy (8bit):0.5407252242845243
                    Encrypted:false
                    SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                    MD5:7B955D976803304F2C0505431A0CF1CF
                    SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                    SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                    SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                    Malicious:false
                    Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    Static File Info

                    General

                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Entropy (8bit):7.59853529834581
                    TrID:
                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    • Win32 Executable (generic) a (10002005/4) 49.96%
                    • Win16/32 Executable Delphi generic (2074/23) 0.01%
                    • Generic Win/DOS Executable (2004/3) 0.01%
                    • DOS Executable Generic (2002/1) 0.01%
                    File name:Quote List.scr.exe
                    File size:583'176 bytes
                    MD5:dc2bce43a2b3398e375fdb600650a576
                    SHA1:a6c6ccf9affa2095eb481950f036c00cd3c4e437
                    SHA256:509070cd30eb4cb05c29fe8cb222166c1c7db0f6084ea5b91e37bac79c14ac30
                    SHA512:e8591426a0d5c71cbff9ba465742a2d989cffc03b986d46961e5098d72b62df917130251d7860a2b1c622d966f94a2272eeeaf037af5f535842bf5177eb2cba0
                    SSDEEP:12288:8NUxwjxPMBCqh/pe8hkbikWQYXLEtYt+tyKsI3TBB9kR:8NUxh//Q8hkz1wL1+tlBBg
                    TLSH:8BC4CFD03F367316CEA85934D12ADDB582A52E78B04479E36ADD3B5B79DC201AE0CF06
                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....$.f..............0..x...0........... ........@.. ....................................@................................

                    File Icon

                    Icon Hash:07232160d4603107

                    Static PE Info

                    General

                    Entrypoint:0x4892a2
                    Entrypoint Section:.text
                    Digitally signed:true
                    Imagebase:0x400000
                    Subsystem:windows gui
                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Time Stamp:0x66FA24A6 [Mon Sep 30 04:10:14 2024 UTC]
                    TLS Callbacks:
                    CLR (.Net) Version:
                    OS Version Major:4
                    OS Version Minor:0
                    File Version Major:4
                    File Version Minor:0
                    Subsystem Version Major:4
                    Subsystem Version Minor:0
                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                    Authenticode Signature

                    Signature Valid:false
                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                    Signature Validation Error:The digital signature of the object did not verify
                    Error Number:-2146869232
                    Not Before, Not After
                    • 13/11/2018 01:00:00 09/11/2021 00:59:59
                    Subject Chain
                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                    Version:3
                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                    Serial:7C1118CBBADC95DA3752C46E47A27438

                    Entrypoint Preview

                    Instruction
                    jmp dword ptr [00402000h]
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al
                    add byte ptr [eax], al

                    Data Directories

                    NameVirtual AddressVirtual Size Is in Section
                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IMPORT0x8924d0x4f.text
                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x8a0000x2474.rsrc
                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                    IMAGE_DIRECTORY_ENTRY_SECURITY0x8b0000x3608
                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x8e0000xc.reloc
                    IMAGE_DIRECTORY_ENTRY_DEBUG0x87e1c0x54.text
                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                    Sections

                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                    .text0x20000x872a80x878001c1c8c0d5d5f2f09e54b6f1719215042False0.8336870819880073data7.611324168922041IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    .rsrc0x8a0000x24740x2800611f445bb78730844282767377ad7dfdFalse0.8431640625data7.240449698032378IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                    .reloc0x8e0000xc0x80097590a86c83313378a6b024d01063b9bFalse0.01611328125data0.03037337037012526IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                    Resources

                    NameRVASizeTypeLanguageCountryZLIB Complexity
                    RT_ICON0x8a0c80x2028PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9876093294460642
                    RT_GROUP_ICON0x8c1000x14data1.05
                    RT_VERSION0x8c1240x34cdata0.43601895734597157

                    Imports

                    DLLImport
                    mscoree.dll_CorExeMain

                    Network Behavior

                    Suricata IDS Alerts

                    TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                    2024-09-30T07:17:58.594872+02002050111ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive1192.168.2.54971766.63.168.1424782TCP
                    2024-09-30T07:18:15.347332+02002050110ET MALWARE [ANY.RUN] Xeno-RAT TCP Check-In166.63.168.1424782192.168.2.549723TCP
                    2024-09-30T07:18:44.411111+02002050111ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive1192.168.2.54972366.63.168.1424782TCP
                    2024-09-30T07:20:02.796255+02002050111ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive1192.168.2.54971766.63.168.1424782TCP
                    2024-09-30T07:20:45.558491+02002050111ET MALWARE [ANY.RUN] Xeno-RAT TCP Keep-Alive1192.168.2.54971766.63.168.1424782TCP

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Sep 30, 2024 07:17:00.153269053 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:00.158165932 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:00.158262968 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:11.990123034 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:12.004854918 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:12.009725094 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:12.190288067 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:12.191662073 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:12.196470976 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:13.258305073 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:13.308310032 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:13.666953087 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:13.714562893 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:13.725671053 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:13.730632067 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:14.769503117 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:14.773894072 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:14.778784037 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:14.778852940 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:14.823999882 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:15.366102934 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:15.367292881 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:15.372076035 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:15.958298922 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:15.960098982 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:15.960701942 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:15.961199999 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:15.962311029 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:15.964927912 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:15.965442896 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:15.965962887 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:15.967103958 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:17.589504957 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:17.590158939 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:17.591310024 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:17.592225075 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:17.596092939 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:17.596999884 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:17.597069979 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:17.636493921 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:18.178728104 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:18.180516005 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:18.185296059 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:18.678194046 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:18.679498911 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:18.679879904 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:18.680957079 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:18.681739092 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:18.684345007 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:18.684629917 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:18.685669899 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:18.686520100 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:19.065787077 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:19.069921017 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:19.075853109 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:20.369154930 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:20.370690107 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:20.370929956 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:20.375636101 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:20.375746012 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:20.390640020 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:20.395510912 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:20.421230078 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:20.691926956 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:20.692923069 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:20.697804928 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:23.067501068 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:23.068851948 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:23.073741913 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:23.997766972 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:23.999474049 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:24.000169992 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:24.000612020 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:24.001055002 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:24.004745007 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:24.004955053 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:24.005414963 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:24.005800009 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:24.095817089 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:24.097558022 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:24.102492094 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:25.162899971 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:25.170170069 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:25.175020933 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:25.865819931 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:25.877190113 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:25.882008076 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:26.198877096 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:26.245856047 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:26.569030046 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:26.570753098 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:26.575690031 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:27.984492064 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:27.986390114 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:27.991348028 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:28.391279936 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:28.397665977 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:28.402606010 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.102756977 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.102775097 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.102797985 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.102811098 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.102827072 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.102839947 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.102860928 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:39.102911949 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:39.178704023 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.178721905 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.178781986 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:39.178823948 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.178838015 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.178852081 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.178865910 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.178872108 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:39.178905010 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:39.179316044 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.179331064 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.179371119 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:39.227153063 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:39.230114937 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:39.231993914 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:39.234956980 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:40.371185064 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:40.372627974 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:40.378187895 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:41.070739985 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:41.120882034 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:41.460808039 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:41.467030048 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:41.471859932 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:42.261754990 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:42.264753103 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:42.269526005 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:53.688088894 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:53.689337969 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:53.690938950 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:53.691016912 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:53.694205999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:53.694291115 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:53.697102070 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:53.700939894 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:53.701845884 CEST47824972166.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:53.701905966 CEST497214782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:53.730329037 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:55.670784950 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:55.672118902 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:55.677130938 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:56.101027966 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:56.102608919 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:56.107465029 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:56.546067953 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:56.547348022 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:56.547749996 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:56.548171997 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:56.548614979 CEST497094782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:56.552242041 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:56.552514076 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:56.552939892 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:56.553373098 CEST47824970966.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:57.241323948 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:57.246850014 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:57.251681089 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:58.593389988 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:17:58.594871998 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:17:58.599692106 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:01.504199028 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:01.558372974 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:02.384397984 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:02.388886929 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:02.393718004 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:03.367945910 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:03.369199038 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:03.374007940 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:04.252965927 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:04.254933119 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:04.259747028 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:06.663697958 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:06.669415951 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:06.674268961 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.271641970 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.271665096 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.271682978 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.271696091 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.271708965 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.271754026 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.271817923 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.347332001 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.347347975 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.347361088 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.347451925 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.347554922 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.347554922 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.352076054 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.352087975 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.352101088 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.352113962 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.352149963 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.352220058 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.361980915 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.361991882 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.362068892 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.362095118 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.362154007 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.362195015 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.434786081 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.434798956 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.434809923 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.434820890 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.434859991 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.434923887 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.439501047 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.439511061 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.439549923 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.439562082 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.439573050 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.439573050 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.439630032 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.444176912 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.444190979 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.444200993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.444250107 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.444272041 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.444273949 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.444288015 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.444292068 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.444334984 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.448964119 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.448976994 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.448987007 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.449021101 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.449073076 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.529952049 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.529968023 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.529988050 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.529999018 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.530055046 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.530114889 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.530152082 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.530210018 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.530222893 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.530256033 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.530266047 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.530277967 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.530329943 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.531091928 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531102896 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531114101 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531152010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531153917 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.531164885 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531181097 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.531236887 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.531881094 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531893015 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531903982 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531939030 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.531944990 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.531951904 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.532017946 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.532797098 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.532813072 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.532824039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.532834053 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.532845020 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.532854080 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.532918930 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.533571005 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.533582926 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.533593893 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.533633947 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.533648014 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.533658981 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.533690929 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.534388065 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.534459114 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.626619101 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.626683950 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.626693964 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.626734018 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.626741886 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.626754999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.626765013 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.626777887 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.626795053 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.626837015 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.626949072 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.626998901 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.627007961 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627018929 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627053976 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.627084017 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627094984 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627105951 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627113104 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627160072 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.627168894 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627183914 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.627916098 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627928019 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627938986 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627969027 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.627995014 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.627998114 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.628007889 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628019094 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628030062 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628041029 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628053904 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.628077984 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.628829956 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628842115 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628851891 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628885031 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.628912926 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628916979 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.628926039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628936052 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628947020 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628961086 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.628968954 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.628994942 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.629698038 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.629751921 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.629756927 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.629769087 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.629807949 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.629832983 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.629842997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.629853010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.629864931 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.629880905 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.629916906 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.702578068 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702605009 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702616930 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702709913 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702721119 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702733994 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702774048 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702784061 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702794075 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702805042 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702807903 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.702888012 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.702920914 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702933073 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702944040 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702954054 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702965021 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.702976942 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.703007936 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.703577042 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.703588009 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.703598976 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.703634977 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.703635931 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.703646898 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.703669071 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.703679085 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.703680038 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.703717947 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.703748941 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.717197895 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717217922 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717223883 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717288017 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717293978 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717344999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717382908 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717384100 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.717396021 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717425108 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.717447042 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.717472076 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717483997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717494965 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717510939 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717519999 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.717560053 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.717618942 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717638016 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717648029 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717658997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717669964 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717681885 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.717701912 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.717737913 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.718370914 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718383074 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718393087 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718431950 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.718533993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718544960 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718555927 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718589067 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.718621016 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.718630075 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718641996 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718652010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718663931 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718684912 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.718718052 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.718720913 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718734026 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718750000 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.718774080 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.761507988 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.797060966 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797086000 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797094107 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797125101 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797135115 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797280073 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797283888 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.797326088 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797329903 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.797338009 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797348976 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797380924 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.797522068 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797540903 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797552109 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797584057 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.797621965 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.797715902 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797748089 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797758102 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797791958 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.797879934 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797938108 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.797954082 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.797966003 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798019886 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.798031092 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798043013 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798079014 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.798160076 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798197031 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798207045 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798253059 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.798346043 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798356056 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798404932 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798414946 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.798448086 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.798449993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798513889 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798564911 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798567057 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.798902988 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.798954964 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.799213886 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799263000 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799304962 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.799344063 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799355030 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799403906 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799412966 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799415112 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.799427032 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799438000 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799452066 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.799489021 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.799643040 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799701929 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799711943 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799752951 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799753904 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.799765110 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799794912 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.799881935 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799892902 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799904108 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799911976 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.799946070 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.800060034 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.800103903 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.800112963 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.800116062 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.800158978 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.800168991 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.800180912 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.800189972 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.800220013 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.802155018 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.802165985 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.802176952 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.802194118 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.802205086 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.802215099 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.802263975 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.807945013 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.807962894 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.807974100 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808039904 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808062077 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808073044 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808084965 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808095932 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808109045 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808132887 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808140039 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808144093 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808186054 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808248997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808259010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808269978 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808280945 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808290958 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808296919 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808307886 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808351994 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808358908 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808370113 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808381081 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808408976 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808429003 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808437109 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808449030 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808464050 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808474064 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808491945 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808512926 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808516026 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808590889 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808602095 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808613062 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808639050 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808664083 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808665037 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.808676958 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.808716059 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874191046 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874202967 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874212980 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874262094 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874361038 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874372959 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874382973 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874387980 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874397993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874423981 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874459982 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874510050 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874520063 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874530077 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874537945 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874545097 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874553919 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874563932 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874572039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874582052 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874588013 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874607086 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874634027 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874684095 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874695063 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874739885 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874872923 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874883890 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874893904 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874898911 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.874942064 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.874952078 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875022888 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875032902 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875041962 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875077009 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875190020 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875200987 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875221014 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875231981 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875241995 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875248909 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875252962 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875266075 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875273943 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875296116 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875427961 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875438929 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875448942 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875458002 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875468969 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875478029 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875494003 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875508070 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875514984 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875606060 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875617027 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875628948 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875638962 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875658989 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875690937 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.875777006 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875788927 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.875833988 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.876302958 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.876313925 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.876352072 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.876450062 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.876461983 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.876471043 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.876482010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.876492023 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.876496077 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.876502991 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.876516104 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.876550913 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.887808084 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.887819052 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.887835026 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.887845039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.887856007 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.887866974 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.887876034 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.887876987 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.887897968 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.887923956 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.887931108 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.887972116 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.888118982 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888128042 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888139009 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888179064 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.888195038 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888236046 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.888266087 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888277054 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888286114 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888295889 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888315916 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.888345957 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.888482094 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888613939 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888623953 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888633966 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888643026 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888658047 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888665915 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.888669968 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888679981 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888690948 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.888693094 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.888705969 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.888726950 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892488956 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892539024 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892556906 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892566919 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892576933 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892586946 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892597914 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892601013 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892613888 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892631054 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892637014 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892647982 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892654896 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892658949 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892669916 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892679930 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892689943 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892689943 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892704010 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892707109 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892734051 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892740011 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892750025 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892760038 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892776012 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892780066 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892786980 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892796993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892805099 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892807961 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892819881 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892829895 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.892832994 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892855883 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.892868996 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898475885 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898495913 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898505926 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898545980 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898593903 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898605108 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898614883 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898626089 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898636103 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898644924 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898658991 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898684978 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898686886 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898698092 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898720026 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898726940 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898802996 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898813963 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898824930 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898842096 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898854017 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898875952 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898885965 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898905993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898915052 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.898977995 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898988962 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.898998976 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899008989 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899030924 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.899055958 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899058104 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.899094105 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.899116039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899127007 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899162054 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.899178982 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899190903 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899200916 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899221897 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899250031 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.899262905 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.899275064 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899291039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899301052 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.899324894 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.949059963 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.963713884 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.963776112 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.963829994 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.963840008 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.963881969 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.963891029 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.963901997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.963910103 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.963910103 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.963922977 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.963932037 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.963968039 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.963995934 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964006901 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964016914 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964027882 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964046955 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964080095 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964083910 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964123011 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964132071 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964159966 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964181900 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964194059 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964227915 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964257956 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964268923 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964277983 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964287043 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964297056 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964302063 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964335918 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964417934 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964482069 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964492083 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964524984 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964554071 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964565039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964575052 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964584112 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964602947 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964618921 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964701891 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964711905 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964720964 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964731932 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964746952 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964770079 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964777946 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964782000 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964787960 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964806080 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964816093 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964835882 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964848042 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964915037 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964926004 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964935064 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964967966 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.964984894 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.964993954 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965023041 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.965339899 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965388060 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965396881 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965399981 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.965431929 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.965452909 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965462923 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965471029 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965498924 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.965524912 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965537071 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.965572119 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.979233980 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979243040 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979250908 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979298115 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.979310036 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979320049 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979329109 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979406118 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979414940 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979433060 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979439974 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979449034 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979454041 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.979454041 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.979461908 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.979466915 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979476929 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979497910 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.979510069 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.979537010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979547024 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979556084 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.979588985 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980294943 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980333090 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980334997 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980344057 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980380058 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980408907 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980418921 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980427980 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980437994 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980465889 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980494976 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980755091 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980765104 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980775118 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980808973 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980815887 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980850935 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980889082 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980899096 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980910063 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980918884 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980937004 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980958939 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.980967999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980978012 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.980986118 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.981009960 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.981065989 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.981076956 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.981085062 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.981106043 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:15.981116056 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:15.981148958 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002337933 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002348900 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002358913 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002368927 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002405882 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002489090 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002500057 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002564907 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002564907 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002648115 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002659082 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002667904 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002676010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002685070 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002695084 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002696991 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002710104 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002724886 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002850056 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002860069 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002882957 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002892017 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002902031 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002902985 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002913952 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002928019 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002928019 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002938032 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.002943993 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002971888 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.002995014 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.003005981 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.003040075 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.003177881 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.003190041 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.003200054 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.003226042 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.003240108 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.003372908 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.003390074 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.003438950 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.057559967 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057574034 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057586908 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057708025 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057718992 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057729006 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057739973 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057750940 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057760954 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057789087 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.057789087 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.057790041 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.057889938 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057903051 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.057923079 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.057950020 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058067083 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058079004 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058089018 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058099985 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058109999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058120012 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058121920 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058132887 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058144093 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058154106 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058157921 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058167934 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058182001 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058196068 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058208942 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058221102 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058231115 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058248043 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058264017 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058408022 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058420897 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058430910 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058442116 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058453083 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058459044 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058465004 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058475018 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058475018 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058511019 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058576107 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058588028 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058597088 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058608055 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058620930 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058631897 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058643103 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058645964 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058654070 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058665037 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058664083 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058676958 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058690071 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058698893 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058717966 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058728933 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058739901 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.058767080 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.058787107 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.059099913 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059111118 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059120893 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059148073 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.059282064 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059293032 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059297085 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059302092 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059308052 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059313059 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059323072 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059329987 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.059375048 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.059398890 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.070812941 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.070825100 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.070874929 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.070960999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.070971012 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.070982933 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.070993900 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071003914 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071105957 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.071105957 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.071105957 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.071161032 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071171999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071181059 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071192026 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071213007 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.071228981 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.071316004 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071327925 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071371078 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.071402073 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071913958 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071923971 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071933985 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.071963072 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.071981907 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.072074890 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072086096 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072096109 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072104931 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072124958 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.072149992 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.072237015 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072593927 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072640896 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.072757006 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072767973 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072801113 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.072808027 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072822094 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072832108 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072846889 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.072859049 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.072887897 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.079670906 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079683065 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079693079 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079704046 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079725981 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.079746008 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.079781055 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079792023 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079802036 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079817057 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079828024 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079830885 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.079839945 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079865932 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.079880953 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.079909086 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079920053 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079930067 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079952002 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.079965115 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.079976082 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080003977 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080037117 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080048084 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080076933 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080091000 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080112934 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080118895 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080130100 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080151081 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080159903 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080239058 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080250025 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080260038 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080271006 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080290079 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080308914 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080312967 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080331087 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080342054 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080358982 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080384016 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080560923 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080571890 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080581903 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080591917 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080605030 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080607891 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080619097 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080631018 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080635071 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080641985 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080652952 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.080663919 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.080674887 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.136473894 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146075010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146090984 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146147013 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146238089 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146250010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146260023 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146270037 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146291971 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146322966 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146385908 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146399021 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146409035 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146420002 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146434069 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146437883 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146450996 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146461964 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146470070 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146473885 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146485090 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146512032 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146708012 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146718979 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146729946 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146739960 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146765947 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146794081 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146878004 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146891117 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146902084 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146912098 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.146929026 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.146948099 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.147016048 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147183895 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147193909 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147203922 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147214890 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147228003 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.147254944 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.147340059 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147351980 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147362947 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147372961 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147391081 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.147404909 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.147486925 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147496939 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147507906 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147517920 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147525072 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.147528887 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147537947 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.147542000 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.147583961 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.148164034 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148175001 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148185968 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148209095 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.148236036 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.148319960 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148330927 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148340940 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148351908 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148370981 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.148401022 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.148507118 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148519039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148529053 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148540020 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148550034 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148556948 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.148560047 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148572922 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.148575068 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.148600101 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.161540985 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161552906 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161564112 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161590099 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.161608934 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.161695957 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161706924 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161716938 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161726952 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161737919 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161742926 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.161768913 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.161868095 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161880016 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161890030 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161900997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161911011 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161920071 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.161928892 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.161946058 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.161956072 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.162345886 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162408113 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.162528992 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162543058 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162597895 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.162694931 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162704945 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162714958 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162724018 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162734032 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162739038 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.162764072 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.162844896 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.162899971 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.163167953 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.163177967 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.163188934 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.163198948 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.163209915 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.163216114 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.163244963 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.163336039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.163347960 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.163357973 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.163376093 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.163398027 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.171472073 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171483040 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171494961 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171504021 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171514034 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171535015 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.171552896 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.171619892 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171631098 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171641111 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171650887 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171665907 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.171679974 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.171766043 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171777964 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171809912 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.171947956 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171960115 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171968937 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171981096 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171989918 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.171994925 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172003031 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172008991 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172028065 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172128916 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172138929 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172148943 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172174931 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172178984 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172190905 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172195911 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172230005 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172389030 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172399998 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172410011 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172420979 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172430992 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172435999 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172442913 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172456026 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172487974 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172545910 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172557116 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172566891 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172576904 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172591925 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172615051 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.172712088 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172724962 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172734976 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.172759056 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.214608908 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.235452890 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235466003 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235476971 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235537052 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.235578060 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235589981 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235599041 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235609055 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235620022 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235630035 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235640049 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.235641003 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235656023 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235665083 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.235665083 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.235683918 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.235733032 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235744953 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235754967 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235765934 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.235771894 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.235797882 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.236123085 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236134052 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236144066 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236172915 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.236175060 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236186981 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236188889 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.236223936 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.236272097 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236284971 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236294985 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236305952 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236318111 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236320019 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.236352921 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.236382008 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236392975 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236402988 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236421108 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.236428976 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236438990 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.236442089 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.236479998 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237112999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237142086 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237152100 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237179041 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237195015 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237206936 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237236023 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237251997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237267971 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237278938 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237289906 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237289906 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237320900 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237391949 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237409115 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237418890 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237428904 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237440109 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237447977 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237464905 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237483025 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237534046 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237545013 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237555981 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237581015 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237606049 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237622976 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237633944 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237657070 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237672091 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.237683058 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237750053 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.237797976 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.250973940 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.250984907 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.250996113 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251038074 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251048088 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251066923 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251095057 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251097918 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251110077 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251120090 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251149893 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251168013 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251179934 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251188993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251203060 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251204967 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251260996 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251272917 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251283884 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251293898 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251312971 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251338959 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251784086 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251828909 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251832962 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251842976 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251883984 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251885891 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251898050 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251907110 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251919031 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.251929998 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251967907 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.251977921 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252327919 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252351999 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252362013 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252372980 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.252398014 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.252398014 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252410889 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252454042 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.252476931 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252487898 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252497911 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.252521038 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.260885000 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.260898113 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.260907888 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.260922909 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.260935068 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.260942936 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.260987997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.260999918 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261010885 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261024952 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261039972 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261109114 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261109114 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261109114 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261117935 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261130095 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261140108 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261167049 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261183977 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261187077 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261197090 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261223078 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261234999 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261265039 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261276960 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261303902 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261382103 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261394024 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261404037 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261415005 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261426926 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261439085 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261476040 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261487007 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261504889 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261514902 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261531115 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261542082 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261543036 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261573076 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.261601925 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261614084 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.261643887 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.308366060 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.314774990 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.314799070 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.314809084 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.314845085 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.314874887 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.314886093 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.314897060 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.314908981 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.314925909 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.314956903 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326050997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326061010 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326071024 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326102972 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326109886 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326121092 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326121092 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326159000 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326292992 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326302052 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326312065 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326319933 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326328993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326338053 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326344013 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326354027 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326358080 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326364994 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326374054 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326380968 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326395988 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326637030 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326690912 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326710939 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326720953 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326730013 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326754093 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326760054 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326766014 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326775074 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326782942 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326796055 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326819897 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326833963 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326874971 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326879978 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326890945 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326900005 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326914072 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326925039 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326963902 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.326977015 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326988935 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.326997042 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327029943 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.327666044 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327712059 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.327733994 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327742100 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327765942 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327775955 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327778101 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.327812910 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.327824116 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327833891 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327872038 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.327887058 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327898026 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327934980 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.327949047 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327960014 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327969074 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.327995062 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.328016996 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328037024 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328046083 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328056097 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.328073978 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.328102112 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328110933 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328119993 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328145981 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.328217983 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328227997 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328237057 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:16.328263998 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.328275919 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.343849897 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:16.348778009 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:17.459278107 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:17.460737944 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:17.465497971 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:17.600908041 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:17.652124882 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:18.158159018 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:18.163464069 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:18.332755089 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:18.377329111 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:18.444823027 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:18.449620962 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:19.145395994 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:19.146444082 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:19.148117065 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:19.151294947 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:19.152859926 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:19.157656908 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:29.366921902 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:29.416747093 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:29.422010899 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:43.659701109 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:43.661039114 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:43.665955067 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:44.166536093 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:44.202996016 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:44.208014965 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:44.374980927 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:44.411111116 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:44.416002035 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:44.585557938 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:44.585656881 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:44.585804939 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:44.589468956 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:44.590579987 CEST47824972366.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:44.590643883 CEST497234782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:45.067493916 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:45.073174953 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:45.078118086 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:45.380327940 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:45.381715059 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:45.386632919 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:46.651488066 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:46.653078079 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:46.657942057 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:47.461366892 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:47.469331026 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:47.474327087 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:47.997803926 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:47.998884916 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:48.004386902 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:49.300213099 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:49.302323103 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:49.309438944 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:49.673005104 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:49.714633942 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:49.862592936 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:49.869447947 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:50.634752035 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:18:50.636501074 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:18:50.641386986 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:02.992306948 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:02.994873047 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:02.999737024 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:03.569787979 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:03.575229883 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:03.580013990 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:05.173173904 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:05.174566031 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:05.180295944 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:07.238032103 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:07.240262032 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:07.242757082 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:07.247674942 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:07.247709990 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:07.252558947 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:09.340564013 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:09.343635082 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:09.348536015 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:12.254945040 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:12.257003069 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:12.257036924 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:12.262003899 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:12.263519049 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:12.268395901 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:13.935708046 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:13.942779064 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:13.947788000 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:14.534152031 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:14.540194988 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:14.545099020 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:31.355360985 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:31.358810902 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:31.365654945 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:32.578937054 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:32.586452007 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:32.591373920 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:33.078238964 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:33.079735041 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:33.084650993 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:35.690438986 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:35.692796946 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:35.693371058 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:35.697812080 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:35.701051950 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:35.705873966 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:36.989531994 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:36.991055012 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:36.996073961 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:38.589751005 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:38.592129946 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:38.597146988 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:38.597364902 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:38.608213902 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:38.613276958 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:40.355809927 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:40.357439041 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:40.362343073 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:40.852541924 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:40.867048979 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:40.872270107 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:41.662986994 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:41.664465904 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:41.669431925 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:43.092627048 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:43.094479084 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:43.095093012 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:43.099891901 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:43.099946022 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:43.105285883 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:45.087439060 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:45.089109898 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:45.094177008 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:45.592824936 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:45.598409891 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:45.603276014 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:46.660389900 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:46.662929058 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:46.667951107 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:47.860511065 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:47.863579988 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:47.868947029 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:47.869688034 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:47.873931885 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:47.874552965 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:49.190989971 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:49.192826033 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:49.197804928 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:50.447973967 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:50.449898958 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:50.450836897 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:50.454796076 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:50.458318949 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:50.463139057 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:52.260097980 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:52.261775970 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:52.267234087 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:53.558058977 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:53.559979916 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:53.564826965 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:53.565442085 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:53.569998980 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:53.570940018 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:55.070931911 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:55.072663069 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:55.077630043 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:55.799716949 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:55.804258108 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:55.809161901 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:57.087085962 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:57.088877916 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:57.093806982 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:58.055474997 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:58.060873985 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:58.065804958 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:58.793144941 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:19:58.794970989 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:19:58.799931049 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:00.148749113 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:00.152153015 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:00.157052040 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:00.457890034 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:00.463243961 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:00.468127966 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:01.397032022 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:01.402972937 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:01.408072948 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:02.674930096 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:02.684485912 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:02.689311981 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:02.794481993 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:02.796255112 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:02.801110029 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:04.071863890 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:04.073327065 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:04.079771042 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:04.873539925 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:04.878237009 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:04.883111954 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:05.700324059 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:05.701993942 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:05.707053900 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:07.269803047 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:07.271136045 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:07.279804945 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:08.161447048 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:08.167145967 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:08.172094107 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:11.656529903 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:11.658308029 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:11.663239956 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:13.485105038 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:13.494949102 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:13.499946117 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:13.951361895 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:13.959872961 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:13.964787960 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:15.472482920 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:15.474018097 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:15.478998899 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:16.092731953 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:16.102876902 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:16.107917070 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:17.383570910 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:17.385288954 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:17.390265942 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:18.568164110 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:18.569737911 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:18.573462963 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:18.574690104 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:18.579330921 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:18.584220886 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:19.894926071 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:19.899040937 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:19.904881954 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:20.972848892 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:20.979448080 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:20.984608889 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:21.289053917 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:21.291480064 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:21.296427965 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:22.683765888 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:22.713049889 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:22.713124990 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:22.739602089 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:22.744509935 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:23.275306940 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:23.280819893 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:23.288618088 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:24.154275894 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:24.156867027 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:24.161808014 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:25.582191944 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:25.583316088 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:25.584733963 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:25.588283062 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:25.592853069 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:25.597714901 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:26.867176056 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:26.868952990 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:26.873892069 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:27.795842886 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:27.803544044 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:27.808557034 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:28.079996109 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:28.084180117 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:28.089093924 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:29.437165976 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:29.442889929 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:29.447917938 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:30.646043062 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:30.648351908 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:30.650212049 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:30.653374910 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:30.657279015 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:30.662199020 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:32.048502922 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:32.050056934 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:32.056361914 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:32.869404078 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:32.874475956 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:32.879484892 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:44.362709045 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:44.366272926 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:44.371154070 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:45.399729967 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:45.405234098 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:45.410177946 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:45.552820921 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:45.558490992 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:45.563445091 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:46.762381077 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:46.764514923 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:46.769392014 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:47.866421938 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:47.873651028 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:47.878631115 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:47.992192030 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:47.997926950 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:48.002867937 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:49.197191000 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:49.198743105 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:49.203655005 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:51.233812094 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:51.233870983 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:51.233906031 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:51.233932018 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:51.233963013 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:51.233963013 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:51.233973026 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:51.234009981 CEST47824972066.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:51.234015942 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:51.234047890 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:51.235182047 CEST497174782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:51.238135099 CEST497204782192.168.2.566.63.168.142
                    Sep 30, 2024 07:20:51.240966082 CEST47824971766.63.168.142192.168.2.5
                    Sep 30, 2024 07:20:51.243104935 CEST47824972066.63.168.142192.168.2.5

                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:01:16:55
                    Start date:30/09/2024
                    Path:C:\Users\user\Desktop\Quote List.scr.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\Quote List.scr.exe"
                    Imagebase:0x440000
                    File size:583'176 bytes
                    MD5 hash:DC2BCE43A2B3398E375FDB600650A576
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000000.00000002.2060791178.000000000293C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:3
                    Start time:01:16:56
                    Start date:30/09/2024
                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\Quote List.scr.exe"
                    Imagebase:0x10000
                    File size:433'152 bytes
                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:4
                    Start time:01:16:56
                    Start date:30/09/2024
                    Path:C:\Users\user\Desktop\Quote List.scr.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\Desktop\Quote List.scr.exe"
                    Imagebase:0xc30000
                    File size:583'176 bytes
                    MD5 hash:DC2BCE43A2B3398E375FDB600650A576
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000004.00000002.2052739105.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:5
                    Start time:01:16:56
                    Start date:30/09/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff6d64d0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:6
                    Start time:01:16:57
                    Start date:30/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"
                    Imagebase:0x230000
                    File size:583'176 bytes
                    MD5 hash:DC2BCE43A2B3398E375FDB600650A576
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_XenoRAT, Description: Yara detected XenoRAT, Source: 00000006.00000002.2084770494.00000000027EE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Antivirus matches:
                    • Detection: 21%, ReversingLabs
                    • Detection: 26%, Virustotal, Browse
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:7
                    Start time:01:16:58
                    Start date:30/09/2024
                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"
                    Imagebase:0x10000
                    File size:433'152 bytes
                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:8
                    Start time:01:16:58
                    Start date:30/09/2024
                    Path:C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Local\Temp\XenoManager\Quote List.scr.exe"
                    Imagebase:0x870000
                    File size:583'176 bytes
                    MD5 hash:DC2BCE43A2B3398E375FDB600650A576
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.4498347900.0000000006870000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                    • Rule: Quasar_RAT_1, Description: Detects Quasar RAT, Source: 00000008.00000002.4498347900.0000000006870000.00000004.08000000.00040000.00000000.sdmp, Author: Florian Roth
                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.4492030953.0000000002C9E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                    General

                    Target ID:9
                    Start time:01:16:58
                    Start date:30/09/2024
                    Path:C:\Windows\System32\conhost.exe
                    Wow64 process (32bit):false
                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Imagebase:0x7ff6d64d0000
                    File size:862'208 bytes
                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:8.3%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:177
                      Total number of Limit Nodes:3
                      execution_graph 35549 7b5f657 35550 7b5f3ec 35549->35550 35551 7b5f46a 35550->35551 35555 785f41e 35550->35555 35575 785f3b8 35550->35575 35594 785f3a8 35550->35594 35556 785f3ac 35555->35556 35557 785f421 35555->35557 35562 785f3da 35556->35562 35613 d8e072c 35556->35613 35618 d8e0992 35556->35618 35623 d8e0215 35556->35623 35628 d8e02d5 35556->35628 35633 d8e0457 35556->35633 35638 d8e0417 35556->35638 35643 d8e0239 35556->35643 35652 d8e01bb 35556->35652 35656 d8e051d 35556->35656 35661 d8e057d 35556->35661 35666 d8e0422 35556->35666 35671 d8e0266 35556->35671 35676 d8e0288 35556->35676 35680 d8e024d 35556->35680 35685 d8e046d 35556->35685 35690 d8e03ac 35556->35690 35557->35551 35562->35551 35576 785f3d2 35575->35576 35577 d8e072c 2 API calls 35576->35577 35578 d8e03ac 2 API calls 35576->35578 35579 d8e046d 2 API calls 35576->35579 35580 d8e024d 2 API calls 35576->35580 35581 785f3da 35576->35581 35582 d8e0288 2 API calls 35576->35582 35583 d8e0266 2 API calls 35576->35583 35584 d8e0422 2 API calls 35576->35584 35585 d8e057d 2 API calls 35576->35585 35586 d8e051d 2 API calls 35576->35586 35587 d8e01bb 2 API calls 35576->35587 35588 d8e0239 4 API calls 35576->35588 35589 d8e0417 2 API calls 35576->35589 35590 d8e0457 2 API calls 35576->35590 35591 d8e02d5 2 API calls 35576->35591 35592 d8e0215 2 API calls 35576->35592 35593 d8e0992 2 API calls 35576->35593 35577->35581 35578->35581 35579->35581 35580->35581 35581->35551 35582->35581 35583->35581 35584->35581 35585->35581 35586->35581 35587->35581 35588->35581 35589->35581 35590->35581 35591->35581 35592->35581 35593->35581 35595 785f3d2 35594->35595 35596 785f3da 35595->35596 35597 d8e072c 2 API calls 35595->35597 35598 d8e03ac 2 API calls 35595->35598 35599 d8e046d 2 API calls 35595->35599 35600 d8e024d 2 API calls 35595->35600 35601 d8e0288 2 API calls 35595->35601 35602 d8e0266 2 API calls 35595->35602 35603 d8e0422 2 API calls 35595->35603 35604 d8e057d 2 API calls 35595->35604 35605 d8e051d 2 API calls 35595->35605 35606 d8e01bb 2 API calls 35595->35606 35607 d8e0239 4 API calls 35595->35607 35608 d8e0417 2 API calls 35595->35608 35609 d8e0457 2 API calls 35595->35609 35610 d8e02d5 2 API calls 35595->35610 35611 d8e0215 2 API calls 35595->35611 35612 d8e0992 2 API calls 35595->35612 35596->35551 35597->35596 35598->35596 35599->35596 35600->35596 35601->35596 35602->35596 35603->35596 35604->35596 35605->35596 35606->35596 35607->35596 35608->35596 35609->35596 35610->35596 35611->35596 35612->35596 35614 d8e0730 35613->35614 35695 7b5e850 35614->35695 35699 7b5e849 35614->35699 35615 d8e074e 35619 d8e0998 35618->35619 35703 7b5e910 35619->35703 35707 7b5e909 35619->35707 35620 d8e09ba 35624 d8e0221 35623->35624 35624->35562 35711 7b5ee30 35624->35711 35715 7b5ee38 35624->35715 35625 d8e0810 35629 d8e02db 35628->35629 35630 d8e034a 35629->35630 35719 7b5e6c8 35629->35719 35723 7b5e6c0 35629->35723 35630->35562 35634 d8e052a 35633->35634 35636 7b5e910 WriteProcessMemory 35634->35636 35637 7b5e909 WriteProcessMemory 35634->35637 35635 d8e0a11 35636->35635 35637->35635 35639 d8e0730 35638->35639 35641 7b5e850 VirtualAllocEx 35639->35641 35642 7b5e849 VirtualAllocEx 35639->35642 35640 d8e074e 35641->35640 35642->35640 35644 d8e0246 35643->35644 35646 d8e0221 35643->35646 35644->35646 35727 7b5e770 35644->35727 35731 7b5e778 35644->35731 35645 d8e091f 35645->35562 35646->35562 35646->35645 35648 7b5ee30 ReadProcessMemory 35646->35648 35649 7b5ee38 ReadProcessMemory 35646->35649 35647 d8e0810 35647->35647 35648->35647 35649->35647 35735 7b5efc6 35652->35735 35739 7b5efd0 35652->35739 35657 d8e0537 35656->35657 35659 7b5e910 WriteProcessMemory 35657->35659 35660 7b5e909 WriteProcessMemory 35657->35660 35658 d8e0a11 35659->35658 35660->35658 35662 d8e0a9c 35661->35662 35664 7b5e770 Wow64SetThreadContext 35662->35664 35665 7b5e778 Wow64SetThreadContext 35662->35665 35663 d8e0667 35663->35562 35664->35663 35665->35663 35667 d8e040c 35666->35667 35669 7b5ee30 ReadProcessMemory 35667->35669 35670 7b5ee38 ReadProcessMemory 35667->35670 35668 d8e0810 35669->35668 35670->35668 35672 d8e026f 35671->35672 35673 d8e09ba 35672->35673 35674 7b5e910 WriteProcessMemory 35672->35674 35675 7b5e909 WriteProcessMemory 35672->35675 35674->35673 35675->35673 35678 7b5e910 WriteProcessMemory 35676->35678 35679 7b5e909 WriteProcessMemory 35676->35679 35677 d8e02b6 35677->35562 35678->35677 35679->35677 35681 d8e0221 35680->35681 35681->35562 35683 7b5ee30 ReadProcessMemory 35681->35683 35684 7b5ee38 ReadProcessMemory 35681->35684 35682 d8e0810 35683->35682 35684->35682 35686 d8e040c 35685->35686 35688 7b5ee30 ReadProcessMemory 35686->35688 35689 7b5ee38 ReadProcessMemory 35686->35689 35687 d8e0810 35688->35687 35689->35687 35691 d8e02ec 35690->35691 35692 d8e034a 35691->35692 35693 7b5e6c0 ResumeThread 35691->35693 35694 7b5e6c8 ResumeThread 35691->35694 35692->35562 35693->35691 35694->35691 35696 7b5e890 VirtualAllocEx 35695->35696 35698 7b5e8cd 35696->35698 35698->35615 35700 7b5e850 VirtualAllocEx 35699->35700 35702 7b5e8cd 35700->35702 35702->35615 35704 7b5e958 WriteProcessMemory 35703->35704 35706 7b5e9af 35704->35706 35706->35620 35710 7b5e90e WriteProcessMemory 35707->35710 35709 7b5e9af 35709->35620 35710->35709 35712 7b5ee38 ReadProcessMemory 35711->35712 35714 7b5eec7 35712->35714 35714->35625 35716 7b5ee83 ReadProcessMemory 35715->35716 35718 7b5eec7 35716->35718 35718->35625 35720 7b5e708 ResumeThread 35719->35720 35722 7b5e739 35720->35722 35722->35629 35724 7b5e6c8 ResumeThread 35723->35724 35726 7b5e739 35724->35726 35726->35629 35728 7b5e778 Wow64SetThreadContext 35727->35728 35730 7b5e805 35728->35730 35730->35646 35732 7b5e7bd Wow64SetThreadContext 35731->35732 35734 7b5e805 35732->35734 35734->35646 35736 7b5efd0 CreateProcessA 35735->35736 35738 7b5f21b 35736->35738 35740 7b5f059 CreateProcessA 35739->35740 35742 7b5f21b 35740->35742 35515 f7b778 35519 f7b870 35515->35519 35529 f7b86a 35515->35529 35516 f7b787 35520 f7b881 35519->35520 35523 f7b8a4 35519->35523 35539 f7b27c 35520->35539 35523->35516 35524 f7b89c 35524->35523 35525 f7baa8 GetModuleHandleW 35524->35525 35526 f7bad5 35525->35526 35526->35516 35530 f7b881 35529->35530 35533 f7b8a4 35529->35533 35531 f7b27c GetModuleHandleW 35530->35531 35532 f7b88c 35531->35532 35532->35533 35537 f7baf8 GetModuleHandleW 35532->35537 35538 f7bb08 GetModuleHandleW 35532->35538 35533->35516 35534 f7b89c 35534->35533 35535 f7baa8 GetModuleHandleW 35534->35535 35536 f7bad5 35535->35536 35536->35516 35537->35534 35538->35534 35540 f7ba60 GetModuleHandleW 35539->35540 35542 f7b88c 35540->35542 35542->35523 35543 f7bb08 35542->35543 35546 f7baf8 35542->35546 35544 f7bb1c 35543->35544 35545 f7b27c GetModuleHandleW 35543->35545 35544->35524 35545->35544 35547 f7b27c GetModuleHandleW 35546->35547 35548 f7bb1c 35547->35548 35548->35524

                      Executed Functions

                      Function 0785E0D0 Relevance: 2.7, Strings: 2, Instructions: 190COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 785e0d0-785e103 1 785e105 0->1 2 785e10a-785e164 0->2 1->2 5 785e167 2->5 6 785e16e-785e18a 5->6 7 785e193-785e194 6->7 8 785e18c 6->8 9 785e2d0-785e340 7->9 10 785e199-785e1c7 7->10 8->5 8->9 8->10 11 785e2a1-785e2cb 8->11 12 785e212-785e227 8->12 13 785e22c-785e230 8->13 14 785e25c-785e29c 8->14 15 785e1c9-785e20d 8->15 31 785e342 call 7b50645 9->31 32 785e342 call 7b50006 9->32 33 785e342 call 7b50780 9->33 34 785e342 call 7b50040 9->34 35 785e342 call 7b50859 9->35 10->6 11->6 12->6 16 785e243-785e24a 13->16 17 785e232-785e241 13->17 14->6 15->6 19 785e251-785e257 16->19 17->19 19->6 30 785e348-785e352 31->30 32->30 33->30 34->30 35->30
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq$Tejq
                      • API String ID: 0-942063033
                      • Opcode ID: bcb8fe533d7197f1afb6249891fe5a479b86faa5a40ce8768429f6fdd6e5fdf6
                      • Instruction ID: 25d5feda12185fab5542b46f97f2227f5bda7a28cbd67bcaf51618e426b69af4
                      • Opcode Fuzzy Hash: bcb8fe533d7197f1afb6249891fe5a479b86faa5a40ce8768429f6fdd6e5fdf6
                      • Instruction Fuzzy Hash: B681B4B4E012198FDB08CFA9C9846EEFBF2BF89300F24856AD819AB354D7355905CF54
                      Function 0785E0E0 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 36 785e0e0-785e103 37 785e105 36->37 38 785e10a-785e164 36->38 37->38 41 785e167 38->41 42 785e16e-785e18a 41->42 43 785e193-785e194 42->43 44 785e18c 42->44 45 785e2d0-785e340 43->45 46 785e199-785e1c7 43->46 44->41 44->45 44->46 47 785e2a1-785e2cb 44->47 48 785e212-785e227 44->48 49 785e22c-785e230 44->49 50 785e25c-785e29c 44->50 51 785e1c9-785e20d 44->51 67 785e342 call 7b50645 45->67 68 785e342 call 7b50006 45->68 69 785e342 call 7b50780 45->69 70 785e342 call 7b50040 45->70 71 785e342 call 7b50859 45->71 46->42 47->42 48->42 52 785e243-785e24a 49->52 53 785e232-785e241 49->53 50->42 51->42 55 785e251-785e257 52->55 53->55 55->42 66 785e348-785e352 67->66 68->66 69->66 70->66 71->66
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq$Tejq
                      • API String ID: 0-942063033
                      • Opcode ID: e8c25210700e95a7b35de752518c19c240844a45dfbea3116fbf289e57ae04e7
                      • Instruction ID: 29b7dee4cf7ae7d8032cfdb88495ceebb9273145956a460584dfac54a1f849fb
                      • Opcode Fuzzy Hash: e8c25210700e95a7b35de752518c19c240844a45dfbea3116fbf289e57ae04e7
                      • Instruction Fuzzy Hash: D381A2B4E002198FDB08CFEAC984AAEBBB2BF89300F14852AD819AB354D7755905CF54
                      Function 07B50F17 Relevance: .3, Instructions: 304COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6780e701ca3d77e82b8a82c227e7e481cac61c2c4f7083cfdc7a941b9161e0e5
                      • Instruction ID: b152f448ee9f6207d5c73fe888cd674c80d3aa59388c341c1ffd02edfdb1fee3
                      • Opcode Fuzzy Hash: 6780e701ca3d77e82b8a82c227e7e481cac61c2c4f7083cfdc7a941b9161e0e5
                      • Instruction Fuzzy Hash: 63D16CB4D1420ADFDB44DFA9C4819AEFBB2FF89300F54D5A5D815AB214D734AA82CF90
                      Function 07B545F9 Relevance: .2, Instructions: 199COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a39b8ba2268d6fc92d655478c15f790ccc86cd4bb0af1b6871f4d1e0a5ebab63
                      • Instruction ID: 46f23017b0e80753c75ebfad97f5a2d732ba840644bb8c10c95a4c2b1ba5a4e9
                      • Opcode Fuzzy Hash: a39b8ba2268d6fc92d655478c15f790ccc86cd4bb0af1b6871f4d1e0a5ebab63
                      • Instruction Fuzzy Hash: BA811BB4D0525ADFDB04CFEAD580A9EFBB2FF8A300F108569E815AB264D7349942CF50
                      Function 07B536C0 Relevance: .1, Instructions: 144COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5e02bcb9a7c80bc00b4f7dbcd9abc3431f0bf9a16892962b94c6604be4e1d9ac
                      • Instruction ID: e9012d14938e3805ea28f23e28823dc6f4c480e6c48e86bbdf0457e27182de51
                      • Opcode Fuzzy Hash: 5e02bcb9a7c80bc00b4f7dbcd9abc3431f0bf9a16892962b94c6604be4e1d9ac
                      • Instruction Fuzzy Hash: 6C5139B5E14209AFDB04CFA9D8459AEFBF2FB8A300F00956AE415E7354D7389A01CF64
                      Function 07B536D0 Relevance: .1, Instructions: 139COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8ff8e43436b1453dd052198e9c100062a40686a87ed3a4de8c0e08b7a130fd08
                      • Instruction ID: 153d260e9f515ebc9086035135ed01bade4fc50afe41746824bb783eb25b181c
                      • Opcode Fuzzy Hash: 8ff8e43436b1453dd052198e9c100062a40686a87ed3a4de8c0e08b7a130fd08
                      • Instruction Fuzzy Hash: 43512AB5E14209AFDB48CFA9D4459AEFBF2FB8A340F00946AD815E7354D7389A01CF64
                      Function 07B50006 Relevance: .1, Instructions: 83COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c88892d569e2b0358b77159b4ee93bf51c64700c193fb4a9b9f01f55c568f8cd
                      • Instruction ID: 4837ae382401f3a9f859f10f863a225a2736407affe147d39be9454b00a789d3
                      • Opcode Fuzzy Hash: c88892d569e2b0358b77159b4ee93bf51c64700c193fb4a9b9f01f55c568f8cd
                      • Instruction Fuzzy Hash: B8310BB1D057898FDB4ACFA6C8543DEBFF2AF86310F18C0AAD444AB255DB780949CB51
                      Function 07B50040 Relevance: .1, Instructions: 68COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 86ba7d9d7680b849c03cb7b3118c6705dfdeb51feaecb91cafd58038751b243f
                      • Instruction ID: 6b503c97018a7225531e74aef8300afeef471a2f14367d5b4e558d23a11b463a
                      • Opcode Fuzzy Hash: 86ba7d9d7680b849c03cb7b3118c6705dfdeb51feaecb91cafd58038751b243f
                      • Instruction Fuzzy Hash: 2E21F2B1E006188BEB58CFABD9443DEFBF6AFC8310F14C06AD808A6254DB751A45CF90
                      Function 07B591B0 Relevance: .1, Instructions: 66COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9a1818f844e401daa5781698806be25a83d001bf14f22619d443eed3e2ae7ebd
                      • Instruction ID: 4b6d88f6093edea6b66494f236339a7e4bb25457f6d9301397e613748ae20da6
                      • Opcode Fuzzy Hash: 9a1818f844e401daa5781698806be25a83d001bf14f22619d443eed3e2ae7ebd
                      • Instruction Fuzzy Hash: AE2128B1D056588FEB18CFABC8553DEBFB6AF89300F14C0AAD80966254DB751945CFA0
                      Function 07B5EFC6 Relevance: 1.7, APIs: 1, Instructions: 246processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 91 7b5efc6-7b5f065 94 7b5f067-7b5f071 91->94 95 7b5f09e-7b5f0be 91->95 94->95 96 7b5f073-7b5f075 94->96 100 7b5f0f7-7b5f126 95->100 101 7b5f0c0-7b5f0ca 95->101 98 7b5f077-7b5f081 96->98 99 7b5f098-7b5f09b 96->99 102 7b5f085-7b5f094 98->102 103 7b5f083 98->103 99->95 111 7b5f15f-7b5f219 CreateProcessA 100->111 112 7b5f128-7b5f132 100->112 101->100 104 7b5f0cc-7b5f0ce 101->104 102->102 105 7b5f096 102->105 103->102 106 7b5f0f1-7b5f0f4 104->106 107 7b5f0d0-7b5f0da 104->107 105->99 106->100 109 7b5f0dc 107->109 110 7b5f0de-7b5f0ed 107->110 109->110 110->110 113 7b5f0ef 110->113 123 7b5f222-7b5f2a8 111->123 124 7b5f21b-7b5f221 111->124 112->111 114 7b5f134-7b5f136 112->114 113->106 115 7b5f159-7b5f15c 114->115 116 7b5f138-7b5f142 114->116 115->111 118 7b5f144 116->118 119 7b5f146-7b5f155 116->119 118->119 119->119 120 7b5f157 119->120 120->115 134 7b5f2b8-7b5f2bc 123->134 135 7b5f2aa-7b5f2ae 123->135 124->123 137 7b5f2cc-7b5f2d0 134->137 138 7b5f2be-7b5f2c2 134->138 135->134 136 7b5f2b0 135->136 136->134 140 7b5f2e0-7b5f2e4 137->140 141 7b5f2d2-7b5f2d6 137->141 138->137 139 7b5f2c4 138->139 139->137 143 7b5f2f6-7b5f2fd 140->143 144 7b5f2e6-7b5f2ec 140->144 141->140 142 7b5f2d8 141->142 142->140 145 7b5f314 143->145 146 7b5f2ff-7b5f30e 143->146 144->143 148 7b5f315 145->148 146->145 148->148
                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07B5F206
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 746b837fb4b08c603ad692782ac946398016996f779c3aa8115219a3d9d64944
                      • Instruction ID: 2ec9dd48966bad1e385f4abc23013cef1ca7dc62745091b1981bc0c2e43c62fe
                      • Opcode Fuzzy Hash: 746b837fb4b08c603ad692782ac946398016996f779c3aa8115219a3d9d64944
                      • Instruction Fuzzy Hash: 3BA13AB1D0021ACFEB14DF68C941BEDBBB2FF49314F1485AAE808A7250DB759985CF91
                      Function 07B5EFD0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 149 7b5efd0-7b5f065 151 7b5f067-7b5f071 149->151 152 7b5f09e-7b5f0be 149->152 151->152 153 7b5f073-7b5f075 151->153 157 7b5f0f7-7b5f126 152->157 158 7b5f0c0-7b5f0ca 152->158 155 7b5f077-7b5f081 153->155 156 7b5f098-7b5f09b 153->156 159 7b5f085-7b5f094 155->159 160 7b5f083 155->160 156->152 168 7b5f15f-7b5f219 CreateProcessA 157->168 169 7b5f128-7b5f132 157->169 158->157 161 7b5f0cc-7b5f0ce 158->161 159->159 162 7b5f096 159->162 160->159 163 7b5f0f1-7b5f0f4 161->163 164 7b5f0d0-7b5f0da 161->164 162->156 163->157 166 7b5f0dc 164->166 167 7b5f0de-7b5f0ed 164->167 166->167 167->167 170 7b5f0ef 167->170 180 7b5f222-7b5f2a8 168->180 181 7b5f21b-7b5f221 168->181 169->168 171 7b5f134-7b5f136 169->171 170->163 172 7b5f159-7b5f15c 171->172 173 7b5f138-7b5f142 171->173 172->168 175 7b5f144 173->175 176 7b5f146-7b5f155 173->176 175->176 176->176 177 7b5f157 176->177 177->172 191 7b5f2b8-7b5f2bc 180->191 192 7b5f2aa-7b5f2ae 180->192 181->180 194 7b5f2cc-7b5f2d0 191->194 195 7b5f2be-7b5f2c2 191->195 192->191 193 7b5f2b0 192->193 193->191 197 7b5f2e0-7b5f2e4 194->197 198 7b5f2d2-7b5f2d6 194->198 195->194 196 7b5f2c4 195->196 196->194 200 7b5f2f6-7b5f2fd 197->200 201 7b5f2e6-7b5f2ec 197->201 198->197 199 7b5f2d8 198->199 199->197 202 7b5f314 200->202 203 7b5f2ff-7b5f30e 200->203 201->200 205 7b5f315 202->205 203->202 205->205
                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 07B5F206
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 3c8aa5d5a41ac3cd1747e142124298b409920963fe37579efdcb4370e805bab6
                      • Instruction ID: 91d769fadec8c40a5bb60ec74bb42bf6cdd0d6ac1cbaae9f038f2f4fe9ed039d
                      • Opcode Fuzzy Hash: 3c8aa5d5a41ac3cd1747e142124298b409920963fe37579efdcb4370e805bab6
                      • Instruction Fuzzy Hash: 99913BB1D0021ACFEB14DF68C941BEDBAB2FF49310F1485A9E818A7250DB759985CF91
                      Function 00F7B870 Relevance: 1.7, APIs: 1, Instructions: 197COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 206 f7b870-f7b87f 207 f7b881-f7b88e call f7b27c 206->207 208 f7b8ab-f7b8af 206->208 215 f7b8a4 207->215 216 f7b890 207->216 210 f7b8c3-f7b904 208->210 211 f7b8b1-f7b8bb 208->211 217 f7b906-f7b90e 210->217 218 f7b911-f7b91f 210->218 211->210 215->208 261 f7b896 call f7baf8 216->261 262 f7b896 call f7bb08 216->262 217->218 219 f7b943-f7b945 218->219 220 f7b921-f7b926 218->220 225 f7b948-f7b94f 219->225 222 f7b931 220->222 223 f7b928-f7b92f call f7b288 220->223 221 f7b89c-f7b89e 221->215 224 f7b9e0-f7baa0 221->224 227 f7b933-f7b941 222->227 223->227 256 f7baa2-f7baa5 224->256 257 f7baa8-f7bad3 GetModuleHandleW 224->257 228 f7b951-f7b959 225->228 229 f7b95c-f7b963 225->229 227->225 228->229 230 f7b965-f7b96d 229->230 231 f7b970-f7b979 call f7b298 229->231 230->231 237 f7b986-f7b98b 231->237 238 f7b97b-f7b983 231->238 239 f7b98d-f7b994 237->239 240 f7b9a9-f7b9ad 237->240 238->237 239->240 242 f7b996-f7b9a6 call f7b2a8 call f7b2b8 239->242 263 f7b9b0 call f7bdc0 240->263 264 f7b9b0 call f7bde8 240->264 242->240 245 f7b9b3-f7b9b6 246 f7b9d9-f7b9df 245->246 247 f7b9b8-f7b9d6 245->247 247->246 256->257 258 f7bad5-f7badb 257->258 259 f7badc-f7baf0 257->259 258->259 261->221 262->221 263->245 264->245
                      Memory Dump Source
                      • Source File: 00000000.00000002.2060516793.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_f70000_Quote List.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: 7d44463d9e19cdbb8b72525a601dbb32e55e0cce549e3ddd510e15bfbf3c5f9e
                      • Instruction ID: 475d43000694250d8f3aa6f155738a178880b6e53367c6fffe59fab8236eb7e8
                      • Opcode Fuzzy Hash: 7d44463d9e19cdbb8b72525a601dbb32e55e0cce549e3ddd510e15bfbf3c5f9e
                      • Instruction Fuzzy Hash: 50718970A00B058FD724DF6AD54476ABBF1FF89310F04892ED59ADBA50DB78E805CB92
                      Function 07B5E909 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 373 7b5e909-7b5e90c 374 7b5e90e-7b5e95e 373->374 375 7b5e979-7b5e9ad WriteProcessMemory 373->375 381 7b5e960-7b5e96c 374->381 382 7b5e96e-7b5e977 374->382 378 7b5e9b6-7b5e9e6 375->378 379 7b5e9af-7b5e9b5 375->379 379->378 381->382 382->375
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07B5E9A0
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: 616103f56fdc94508ad9dacc1240d07eb0ce082fd8ce2aae224ca042fc30ff93
                      • Instruction ID: 9ce0e3a6ecfc43dbe7f2d3d31bd92c1a51fe5db9b762402750bf0e9b9e1711f9
                      • Opcode Fuzzy Hash: 616103f56fdc94508ad9dacc1240d07eb0ce082fd8ce2aae224ca042fc30ff93
                      • Instruction Fuzzy Hash: BB212CB19003499FDB10DFA9C945BDEBFF5FF48310F10842AE959A7251D7789544CBA0
                      Function 07B5E910 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 386 7b5e910-7b5e95e 388 7b5e960-7b5e96c 386->388 389 7b5e96e-7b5e9ad WriteProcessMemory 386->389 388->389 392 7b5e9b6-7b5e9e6 389->392 393 7b5e9af-7b5e9b5 389->393 393->392
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 07B5E9A0
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: b3d8b2c0423edead6d710e5d5b98b98048bfd16c32c715974af118e7a4c5ee0a
                      • Instruction ID: a1e3cf7399a2137994ad5762203762f779e315b458c1a61c8b0297ba1b40c087
                      • Opcode Fuzzy Hash: b3d8b2c0423edead6d710e5d5b98b98048bfd16c32c715974af118e7a4c5ee0a
                      • Instruction Fuzzy Hash: 75213BB19003499FDB10DFAAC945BDEBBF5FF48310F108429E959A7250C7789944CBA0
                      Function 07B5E770 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 397 7b5e770-7b5e7c3 400 7b5e7c5-7b5e7d1 397->400 401 7b5e7d3-7b5e803 Wow64SetThreadContext 397->401 400->401 403 7b5e805-7b5e80b 401->403 404 7b5e80c-7b5e83c 401->404 403->404
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07B5E7F6
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: 115e15fefb15aedeb186dbfd3da2e1076800f41676da829dfce561dd57de6a2b
                      • Instruction ID: 2cc2818afd05b2b7452f33bd09f30d677323e962d4c5af89d852802d8992d64e
                      • Opcode Fuzzy Hash: 115e15fefb15aedeb186dbfd3da2e1076800f41676da829dfce561dd57de6a2b
                      • Instruction Fuzzy Hash: 8C215CB19002498FDB10DFAAC5847EEBFF4EF49320F148429D459A7240D7789545CFA0
                      Function 07B5EE30 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 408 7b5ee30-7b5eec5 ReadProcessMemory 412 7b5eec7-7b5eecd 408->412 413 7b5eece-7b5eefe 408->413 412->413
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07B5EEB8
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: b2b91fca04241758ab7949012fc85106f96b0930e2d55308b8c68b33af72c342
                      • Instruction ID: fa7dab151ee1e4fe425e2a378ce11a0c2fdd851ec025ac7a96333b62196ba833
                      • Opcode Fuzzy Hash: b2b91fca04241758ab7949012fc85106f96b0930e2d55308b8c68b33af72c342
                      • Instruction Fuzzy Hash: 40212AB1C002499FDB10DFAAC981AEEFBF5FF48310F50842AE919A7250D7789555DFA0
                      Function 07B5E778 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 417 7b5e778-7b5e7c3 419 7b5e7c5-7b5e7d1 417->419 420 7b5e7d3-7b5e803 Wow64SetThreadContext 417->420 419->420 422 7b5e805-7b5e80b 420->422 423 7b5e80c-7b5e83c 420->423 422->423
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 07B5E7F6
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: 308a75f8928638037361ab63f7caacd749f7d049824ba535ebe626b5f6c34093
                      • Instruction ID: 349379949e001f43c4d4ab3c7b652a0475bc8a17bdb481c37d1d58b945448dfd
                      • Opcode Fuzzy Hash: 308a75f8928638037361ab63f7caacd749f7d049824ba535ebe626b5f6c34093
                      • Instruction Fuzzy Hash: 312129B1D003099FDB10DFAAC5857EEBBF4EF49310F148429D519A7240DB78AA44CFA0
                      Function 07B5EE38 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 427 7b5ee38-7b5eec5 ReadProcessMemory 430 7b5eec7-7b5eecd 427->430 431 7b5eece-7b5eefe 427->431 430->431
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 07B5EEB8
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: c20830474672b7bc5f7718b88318a6b63ba321c8f9854235b9375718b12caabc
                      • Instruction ID: 997a7cd05f3e71c7e71a6e93c270278cc294147f2863f35ba4d7edfd6f3cf408
                      • Opcode Fuzzy Hash: c20830474672b7bc5f7718b88318a6b63ba321c8f9854235b9375718b12caabc
                      • Instruction Fuzzy Hash: 0A2107B1C003599FDB10DFAAC985AEEFBF5FF48310F50842AE919A7250D7789944CBA0
                      Function 07B5E849 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 435 7b5e849-7b5e8cb VirtualAllocEx 439 7b5e8d4-7b5e8f9 435->439 440 7b5e8cd-7b5e8d3 435->440 440->439
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07B5E8BE
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: 694de1ffa4910731d2f3928d5c8552a637484fb7e5aa2fa7952266d974d6d2f2
                      • Instruction ID: afd391c4eba96fc57365bac8a2ab61d713a7180a36a69330d4219a184a14e4f3
                      • Opcode Fuzzy Hash: 694de1ffa4910731d2f3928d5c8552a637484fb7e5aa2fa7952266d974d6d2f2
                      • Instruction Fuzzy Hash: 1D1159B18002499FDB10DFAAC944BEEFFF5EF88320F148819E519AB250C779A544CFA0
                      Function 07B5E6C0 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 444 7b5e6c0-7b5e737 ResumeThread 448 7b5e740-7b5e765 444->448 449 7b5e739-7b5e73f 444->449 449->448
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: 1a55d7404b6ecf1af547808b721bfe722c198cc2cad4e6ae788d4023fe29d170
                      • Instruction ID: 79f2ff70a137193da54db54e826e4c40e84c460737050f899f91959b9e25729d
                      • Opcode Fuzzy Hash: 1a55d7404b6ecf1af547808b721bfe722c198cc2cad4e6ae788d4023fe29d170
                      • Instruction Fuzzy Hash: 46115BB1D043498BDB20DFAAC4447EEFFF8EF88324F148459D559A7240CB79A544CBA4
                      Function 07B5E850 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 07B5E8BE
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: 33e318bed1fcc2ca754520a0d4072fd1711dc43054bd10d71660605743be957a
                      • Instruction ID: 5e7faa1a29ddaa7510a6e06fbcc41ba7bc4aa2e16a9c973e8dfc2f3e80efabd8
                      • Opcode Fuzzy Hash: 33e318bed1fcc2ca754520a0d4072fd1711dc43054bd10d71660605743be957a
                      • Instruction Fuzzy Hash: C0113AB18002499FDB10DFAAC944BDFBFF5EF48310F108819D519A7250C7759544CFA0
                      Function 00F7B27C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,00F7B88C), ref: 00F7BAC6
                      Memory Dump Source
                      • Source File: 00000000.00000002.2060516793.0000000000F70000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F70000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_f70000_Quote List.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: 6440e5aea8ec19afc4aea4e0220fe8935cd28858fc369e7991c0867132910372
                      • Instruction ID: 33f252deb4d6b21fc3c3ba5df763dd7db2fad8ad6b580fa36c62cd79a0bf13bc
                      • Opcode Fuzzy Hash: 6440e5aea8ec19afc4aea4e0220fe8935cd28858fc369e7991c0867132910372
                      • Instruction Fuzzy Hash: 411132B5C002098FDB10DF9AC448B9EFBF8EF89320F10842AD819B7210D378A945CFA1
                      Function 07B5E6C8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: 69dcf3cb5bc5698c3557c21eb6c786ebdd0195753aed9a48480246ee42a60752
                      • Instruction ID: 2504e7c15fb1f134281bdd487288807303444f2cba1337638437c213ef0153c2
                      • Opcode Fuzzy Hash: 69dcf3cb5bc5698c3557c21eb6c786ebdd0195753aed9a48480246ee42a60752
                      • Instruction Fuzzy Hash: AA113AB1D002498FDB10DFAAC5457AEFBF5EF88320F148459D519A7250CB79A944CBA4
                      Function 07855AE8 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: f30a2256ae961a7170f3960d10964700fd6b7ad521279a1769c38ee6ac98be87
                      • Instruction ID: 6b5233a2ad59ddd00328f54a7e2e99aa8bd529d41dfbb9b9ab847c641cdcba7f
                      • Opcode Fuzzy Hash: f30a2256ae961a7170f3960d10964700fd6b7ad521279a1769c38ee6ac98be87
                      • Instruction Fuzzy Hash: 9CD10B7590020ECFCF04CFA8C5849EDB7B1FF58314B218659D806AB259DB34AE9ACF80
                      Function 07855AD9 Relevance: 1.4, Strings: 1, Instructions: 199COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID: 0-3916222277
                      • Opcode ID: b65eed372b6713f2b5ea52c58c964df5d02272b64aff69c996256636e6a74e6e
                      • Instruction ID: 8efa2194228c3d5616315af9afa8dda7161cc80d09699f1aba258c0de8fadf86
                      • Opcode Fuzzy Hash: b65eed372b6713f2b5ea52c58c964df5d02272b64aff69c996256636e6a74e6e
                      • Instruction Fuzzy Hash: EBA1EA7590020ECFCF04DFA8D5848DDB7B1FF99314B218659D806AB259DB34AE9ACF80
                      Function 07858C84 Relevance: 1.4, Strings: 1, Instructions: 156COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq
                      • API String ID: 0-2468842661
                      • Opcode ID: b775f42a27762d6eca5cec9afbd79488704d6d3704cd807f468df5c490a5819d
                      • Instruction ID: 6f05feb23874a075a0c0b75959e08f9df04662e233260b4a104c2dce1944b09b
                      • Opcode Fuzzy Hash: b775f42a27762d6eca5cec9afbd79488704d6d3704cd807f468df5c490a5819d
                      • Instruction Fuzzy Hash: 2A517DB1B002068FCB15DFB998449AFBBF6EFD4320B148529E419DB351EF309D068791
                      Function 0785B8A7 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: k
                      • API String ID: 0-140662621
                      • Opcode ID: fc09e06a35dc551fba64212e562a0f14b8284b5da6be66d60253955afcda9d97
                      • Instruction ID: 541393555abffa965a2e52c5c69226c59c4b9d2fc5d81e2da70a1b335486f4d9
                      • Opcode Fuzzy Hash: fc09e06a35dc551fba64212e562a0f14b8284b5da6be66d60253955afcda9d97
                      • Instruction Fuzzy Hash: A221F4B29053554FCB06DF3C9C606EA7FF5EF95260B05446AD858CB241EA34C909C791
                      Function 0785B408 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq
                      • API String ID: 0-2468842661
                      • Opcode ID: 2f30dc6eb1e68086168a8c47d3774b6f82f543aa24a80056e7992615111e8008
                      • Instruction ID: 8403c4b6d84d31714ff3a173a0786416be8c6c5653df169eb02ef4bbbc4a10af
                      • Opcode Fuzzy Hash: 2f30dc6eb1e68086168a8c47d3774b6f82f543aa24a80056e7992615111e8008
                      • Instruction Fuzzy Hash: 7F118FB1B0020A8BCB14EFB899415EFBBF6AB94210B504069C904E7345EB358D01CBA1
                      Function 0D8E0288 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: (
                      • API String ID: 0-3887548279
                      • Opcode ID: 26554240b89fee119bfd350b24f1b83ace5e29e696356a56d07e2d97248fc578
                      • Instruction ID: b9721a5a53c4afcbf8602502086be729f7846da49260dfa9d24099518b1f84b6
                      • Opcode Fuzzy Hash: 26554240b89fee119bfd350b24f1b83ace5e29e696356a56d07e2d97248fc578
                      • Instruction Fuzzy Hash: F201F23590522CDFDB61CF68C944BECBBB8FB4A308F1485D9D409A3252CB359A81DF00
                      Function 07856290 Relevance: .7, Instructions: 728COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 93f7531609934a01514d4e6c9f12acbfe6e22de35c2c27da493f72e5493d3603
                      • Instruction ID: 08ebf00a672a863db2c3064f3aba1199824e142e779564e7be2b5a66f2226148
                      • Opcode Fuzzy Hash: 93f7531609934a01514d4e6c9f12acbfe6e22de35c2c27da493f72e5493d3603
                      • Instruction Fuzzy Hash: 88726D31A10609CFCB14EF68D99469DBBB1FF55301F0182A9D849AB265EF34AEC5CF81
                      Function 07852478 Relevance: .6, Instructions: 551COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ae7a74ad72d3f98e5f063e7e87dbe3b98d50ebc6a8560689babb1bcf727afbb2
                      • Instruction ID: df5f807b6b814a3f4d760146e6d7cd5a63567229898e4c20e0149d30a17072f1
                      • Opcode Fuzzy Hash: ae7a74ad72d3f98e5f063e7e87dbe3b98d50ebc6a8560689babb1bcf727afbb2
                      • Instruction Fuzzy Hash: 1D42E771E1061ACBCB25DF68C8946DDF7B1FF99304F1086A9D859B7221EB30AA85CF41
                      Function 07857780 Relevance: .5, Instructions: 500COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 83b57a68310e9c1e2091d7257bf20fd22f1672dd304b017b9c4ebcabf2c814b1
                      • Instruction ID: a90aa3524d08a4ba9e8e469449576559dc6e054fc38a656e132dc3447a86658b
                      • Opcode Fuzzy Hash: 83b57a68310e9c1e2091d7257bf20fd22f1672dd304b017b9c4ebcabf2c814b1
                      • Instruction Fuzzy Hash: BA221774A10209CFCB14DF69D888B9DB7B2BF99304F1485A9D80AEB365EB30AD45CF51
                      Function 078563C0 Relevance: .4, Instructions: 418COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ec0f2914ba1e0c4f2db0389a93c9108b87abf1fa41379e4c542db7b8a319da70
                      • Instruction ID: 5c6a0c1f95b6600e73f722017a994a8f2e2372fde128e5b790e2a0bf4363dec5
                      • Opcode Fuzzy Hash: ec0f2914ba1e0c4f2db0389a93c9108b87abf1fa41379e4c542db7b8a319da70
                      • Instruction Fuzzy Hash: F0123A71E00619CFCB15DF28D99469DB7B1FF54300F4182A9D84AA7265EF34AE86CF81
                      Function 07852468 Relevance: .3, Instructions: 338COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 708eea18a06113b4202587dfb58857633f66b281d1b11bb6a0f04560cc3078eb
                      • Instruction ID: 2160e0c89365dc7ffb2ecb0f6e65c5d6fba7eb6dd8900a705d7efefbef5f1dc6
                      • Opcode Fuzzy Hash: 708eea18a06113b4202587dfb58857633f66b281d1b11bb6a0f04560cc3078eb
                      • Instruction Fuzzy Hash: 5BE106B1E10619CBCB24DF68C8946DDB7B1FF59310F1486A9D819EB261EB30AE85CF41
                      Function 0D8E1820 Relevance: .3, Instructions: 285COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f86fe9e4114eef96a3e8d1377336417c4c272e13893d4db5e0404952b685023a
                      • Instruction ID: fe46f24c012d32862cf1d51472213efa032240cf7be1757e70d935ce50cb1128
                      • Opcode Fuzzy Hash: f86fe9e4114eef96a3e8d1377336417c4c272e13893d4db5e0404952b685023a
                      • Instruction Fuzzy Hash: E7B19B30B012049FDB14DF69D998AAEBBF6AF8A740F2580A9F505DB3A1CB74DD01CB51
                      Function 07855808 Relevance: .2, Instructions: 220COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 19b462a9e17e8f21d9111b6fc4f75d79ed75073aa0d5a68442b23e4cb666496c
                      • Instruction ID: 66bdf9ea581f34d5c56f729afb5f660f9f370649bbb87178772bbccd6627412d
                      • Opcode Fuzzy Hash: 19b462a9e17e8f21d9111b6fc4f75d79ed75073aa0d5a68442b23e4cb666496c
                      • Instruction Fuzzy Hash: 2E911CB190061ADFCB01DFA8C880999FBF5FF59310B15C79AE819EB215E730E995CB80
                      Function 0785AD80 Relevance: .2, Instructions: 183COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 10b29468000990ac745cb1a341ad44846b5c7858a1e3db4c0b66d071328514b8
                      • Instruction ID: 87bc8cfdebf0457a034e3d05095b7865010da8d6681fa6e90ef04822947b1c86
                      • Opcode Fuzzy Hash: 10b29468000990ac745cb1a341ad44846b5c7858a1e3db4c0b66d071328514b8
                      • Instruction Fuzzy Hash: 037171B0E00609CFDB19DFB9D8986ADBBB5FF94300F108569E806E7250EB34A945CB91
                      Function 078541F1 Relevance: .2, Instructions: 181COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3eed3c677fd25d194799fbf726d72520ca41d1a1dcc3f9d19d045505bc30159d
                      • Instruction ID: f87a9c171014e9d4aad76050bfe9632b39811de486ed44ce0a98414451ca096b
                      • Opcode Fuzzy Hash: 3eed3c677fd25d194799fbf726d72520ca41d1a1dcc3f9d19d045505bc30159d
                      • Instruction Fuzzy Hash: E871DCB9200A008FC718DF29C488A59BBF2BF89315B1589A9E54ACB772DB71EC41CF50
                      Function 07854010 Relevance: .2, Instructions: 172COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6218a315a2fc59e942c605155a426812fc4a7cfb5f50d712e4c7b4de1702fbaf
                      • Instruction ID: 894a4151ad7e2765986a696c7305c4a886fb0e325ffa8b40fc2df83c3f7e1443
                      • Opcode Fuzzy Hash: 6218a315a2fc59e942c605155a426812fc4a7cfb5f50d712e4c7b4de1702fbaf
                      • Instruction Fuzzy Hash: B87191B4A0024A8FCB54CF68D584999FBF1FF49314B19C6AAE809DB712D734E985CF90
                      Function 0785777A Relevance: .2, Instructions: 161COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0129007a1a4c87650c3b877cd3ebb3c0d0efc52efb9b43c83a17bf6af0907faf
                      • Instruction ID: 6d7cf55428f543ce04f1b9fbac97d3d26fead7127639e858c093a75f03d21f59
                      • Opcode Fuzzy Hash: 0129007a1a4c87650c3b877cd3ebb3c0d0efc52efb9b43c83a17bf6af0907faf
                      • Instruction Fuzzy Hash: EA5156706102008FDB14EF69D898B9D77F6FF89310F0486B8D91A9B3A5DB70A809CB51
                      Function 07853102 Relevance: .1, Instructions: 105COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2897bf2bfe72a81537e0578ed21c9c34a9eb522eec56d5871317eb2228b6e79a
                      • Instruction ID: 9a7962ed60bf65a68d3b08410f3562dfd59a8e4184ab8f4b188b704ca57accb1
                      • Opcode Fuzzy Hash: 2897bf2bfe72a81537e0578ed21c9c34a9eb522eec56d5871317eb2228b6e79a
                      • Instruction Fuzzy Hash: 58412D34A10709CFCB04EF68D984ADDBBB6FF99304F0085A9E515AB325EB71A945CF81
                      Function 07859840 Relevance: .1, Instructions: 105COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c4ffbfbdc804182093bd45607435c237da804d2173db1bec1ca5867d4a807296
                      • Instruction ID: 66f6e489e81b37ec16af1564c3e589365b3ca97cd621ad5adf3023ea9dcacab1
                      • Opcode Fuzzy Hash: c4ffbfbdc804182093bd45607435c237da804d2173db1bec1ca5867d4a807296
                      • Instruction Fuzzy Hash: 2D31C1B27106118B8B152F369C9A1BE76ABEBDA711B588029EC07C3380DF3CDD029752
                      Function 07859832 Relevance: .1, Instructions: 103COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 02841e4735a47b534d8e4de170fde0e56151717dc23fadc12d73ed6e04e0a656
                      • Instruction ID: 95d1b037ca407e16aa386924496f32480d92080589dc4375cbb5f0655d911112
                      • Opcode Fuzzy Hash: 02841e4735a47b534d8e4de170fde0e56151717dc23fadc12d73ed6e04e0a656
                      • Instruction Fuzzy Hash: 1A31C0B2710611878B156F36EC9A2BE76AAEBEA711F484029E807C3340DF3D99028752
                      Function 07853110 Relevance: .1, Instructions: 101COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be34195226482894ed5f63035e480e445af48668238ac7242e995f7a27d79c3f
                      • Instruction ID: 5b949a45c3c7ffceaf384cf8401082c2843b4ff4dd4987a0e2649059722716d0
                      • Opcode Fuzzy Hash: be34195226482894ed5f63035e480e445af48668238ac7242e995f7a27d79c3f
                      • Instruction Fuzzy Hash: 11413D34A10709CFCB04EF68D9849DDFBB6FF99304F0085A9E516AB325EB71A945CB81
                      Function 0785A798 Relevance: .1, Instructions: 97COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4aa1da38ad5c95f3d7f709ea899e9e72ef3ba8682151fb0609864cf19847bb9f
                      • Instruction ID: fa84da2a39e9a626110b5a7d32e6c345fdfea022fad3c5145a2367ed38a20bce
                      • Opcode Fuzzy Hash: 4aa1da38ad5c95f3d7f709ea899e9e72ef3ba8682151fb0609864cf19847bb9f
                      • Instruction Fuzzy Hash: C6415330A10204DFDB05EF64D995AAD7BF6EF85300F14852DE806AB354DF74AD45CB82
                      Function 078511B9 Relevance: .1, Instructions: 97COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c900dddae5d08101f31e702fd8118a74629d290b0a7522b42abccf019a0c892e
                      • Instruction ID: 6017e2616af1cbb7d96e3be1b49d8d0e5dcaf13ad2b6caf381d53d1f75099589
                      • Opcode Fuzzy Hash: c900dddae5d08101f31e702fd8118a74629d290b0a7522b42abccf019a0c892e
                      • Instruction Fuzzy Hash: 7F41E775A0020ADFCB44DF69D88499AFBB5FF49310B15C659E918EB311E730E985CF90
                      Function 07853FFF Relevance: .1, Instructions: 96COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6b4687ba429b6a0e5a493d3c0e7c32f9b44af5fe41de6477daac07d306ee8131
                      • Instruction ID: 5acd2a2bf96c54bf6160afdcfae196d685a626495e44bc6401b6ec80f4b3edec
                      • Opcode Fuzzy Hash: 6b4687ba429b6a0e5a493d3c0e7c32f9b44af5fe41de6477daac07d306ee8131
                      • Instruction Fuzzy Hash: EF4117B4A002468FC754CF28C584A99FBF1FF59304B2986AAD80ADB311D731E985CF80
                      Function 0785A7A8 Relevance: .1, Instructions: 93COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 56eefc550605187f274e737f1a662ff4cfd5ed257802bf7c393631e76c497e86
                      • Instruction ID: e798ee2c543a6444641b64fe763316728014f30bc44f749e269fbf6fd42db66e
                      • Opcode Fuzzy Hash: 56eefc550605187f274e737f1a662ff4cfd5ed257802bf7c393631e76c497e86
                      • Instruction Fuzzy Hash: 92316230A10204DFCB09EF68D595AAE7BF6EF85300F10852DE80AAB354DF74AD45CB82
                      Function 078511C8 Relevance: .1, Instructions: 92COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c074c3f75031b7af30524f246985fe101b4fcbfd9c6fa562580f21118b901f83
                      • Instruction ID: d7f5ef49d17309765a90c097385034afa733d463cf8c3fa3632e750631baf268
                      • Opcode Fuzzy Hash: c074c3f75031b7af30524f246985fe101b4fcbfd9c6fa562580f21118b901f83
                      • Instruction Fuzzy Hash: CB41E575A0020ADFCB44DFA9D98499AFBB5FF49310B14C699E918EB311E730AD85CF90
                      Function 07853008 Relevance: .1, Instructions: 92COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 344053a8e12925ec5e16d64bb810974c46ba17eaac99ae090f89732b84b05503
                      • Instruction ID: e8bded67d31e20bd999984cbc0c2fe33fa69b240cbc9ca7310718928dada7a55
                      • Opcode Fuzzy Hash: 344053a8e12925ec5e16d64bb810974c46ba17eaac99ae090f89732b84b05503
                      • Instruction Fuzzy Hash: 6631B172B00219CFCF04EF64E8548DDF7B6FF89224B048569E906AB310EB31AC46CB81
                      Function 078515A8 Relevance: .1, Instructions: 89COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 495aa69c1ae7076c8ffe61b09cafd102d2d9a03183ec52bf86ae47354d3b3574
                      • Instruction ID: bdacc8b1caf92e0e496063bbdb62513aed580636d9ded3c758445d559c57bf83
                      • Opcode Fuzzy Hash: 495aa69c1ae7076c8ffe61b09cafd102d2d9a03183ec52bf86ae47354d3b3574
                      • Instruction Fuzzy Hash: 9A219EB27102058FD7048F2DC888B697BE5FF85720B1985B5EA0ACF3A6DB35DC048B90
                      Function 07858C34 Relevance: .1, Instructions: 87COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 90df4966832b36a94809a28d47fd9d4b74deb32bbd04eca4ebfea88bc1f6ed43
                      • Instruction ID: cfcdd236803f9cf16d5efc815c6e3abb5c9593b8897303870b774bbbe82767ba
                      • Opcode Fuzzy Hash: 90df4966832b36a94809a28d47fd9d4b74deb32bbd04eca4ebfea88bc1f6ed43
                      • Instruction Fuzzy Hash: 3F3122742006118FC728EF29C4C496ABBF6FF98711B51856AE94ACB721DB35EC81CB52
                      Function 0785A4B8 Relevance: .1, Instructions: 85COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6f52ee76d86828d57207541194d00bf9ece8af0d773d31879d6c833a5d50d53f
                      • Instruction ID: f5da1a71ed5be537246aa174ee7e5addd9bd2fd44cf605cdd33740d3e58a15d6
                      • Opcode Fuzzy Hash: 6f52ee76d86828d57207541194d00bf9ece8af0d773d31879d6c833a5d50d53f
                      • Instruction Fuzzy Hash: 9E3131B42006118FC728EF29C4C0D6ABBF6FF98711751855AE94ACB721DB35EC82CB52
                      Function 0D8E0239 Relevance: .1, Instructions: 81COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d11f478c9bade440925d52be3c782112a0c02d1dcc994c0cc652c06bacc54eed
                      • Instruction ID: a860f481865eccbad3233fc793aa9cc205985cf1512059da0bfc5cae1460fdcc
                      • Opcode Fuzzy Hash: d11f478c9bade440925d52be3c782112a0c02d1dcc994c0cc652c06bacc54eed
                      • Instruction Fuzzy Hash: 3C310134905228CFDB25CF64C944BECBBF9BB4A349F0499A9D409E7252C3749A86CF40
                      Function 00B7D06C Relevance: .1, Instructions: 77COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2059634123.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b7d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: db6e1718c39f53ced3f6d722161f4890418b4b456a2586b2b171b94ae70802a2
                      • Instruction ID: 767662c24ce28c476c17a07824eca7afccdd1c18778d09a9edbbf5caf9264f5e
                      • Opcode Fuzzy Hash: db6e1718c39f53ced3f6d722161f4890418b4b456a2586b2b171b94ae70802a2
                      • Instruction Fuzzy Hash: 9B212471100200DFCB059F14C9C0F16BFB5FF88314F20C6A9E90D1A256C33AD816CBA2
                      Function 00B8D01C Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2059754902.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b8d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 51763f453232ed672aa147fa9d822cd486858e597ddd500088396adf103fdad3
                      • Instruction ID: d6b7e53890fb2002faf89d65d4e1ac4248e98c869b2d0a081a1d3aa28dfc53ae
                      • Opcode Fuzzy Hash: 51763f453232ed672aa147fa9d822cd486858e597ddd500088396adf103fdad3
                      • Instruction Fuzzy Hash: E821D371504204DFDB14EF24D9D4B16BBA5EB84314F20C5AAD9494B2A6C33AD806CB61
                      Function 07858C24 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cee84a797aa3a87edd9deeee08645cc79c62ed85557b47773a586000bae7c35c
                      • Instruction ID: 7d9edd83b97120a0d0919d58100cdda0c81e9e1035f7629dba2e471bffe61840
                      • Opcode Fuzzy Hash: cee84a797aa3a87edd9deeee08645cc79c62ed85557b47773a586000bae7c35c
                      • Instruction Fuzzy Hash: FD218EB5700210DBCB209E19D480A6A73BAEB98720F05842EE906C7B10DB71F841CB51
                      Function 07856DD0 Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b5c559848fac98baa01ddb8ae33afc6fd627c65aa9a6125956f802ec8256794a
                      • Instruction ID: 822ae157a6775793b678192251aa2a2195d12dfc2167a09a2b9202cf1c7e6326
                      • Opcode Fuzzy Hash: b5c559848fac98baa01ddb8ae33afc6fd627c65aa9a6125956f802ec8256794a
                      • Instruction Fuzzy Hash: 67213075A106099FCB10EF6CD84099DFBF4FF59311B51C26AE958A7200FB31A998CB91
                      Function 0785F41E Relevance: .1, Instructions: 68COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d88dbe694e37e2b795a69cfc258f966ec70672fd88b05f3a52361cfb3f4380f2
                      • Instruction ID: 5cce67b74eec3619fbd8fca35f6e34c3c50a5aa00c2927a876f9dc1a35cb10e2
                      • Opcode Fuzzy Hash: d88dbe694e37e2b795a69cfc258f966ec70672fd88b05f3a52361cfb3f4380f2
                      • Instruction Fuzzy Hash: A32104B0D19208DFDB08DFA9D9442EEBFF2AF99300F1081AAD908E3251DB740A01CF81
                      Function 0785BA94 Relevance: .1, Instructions: 68COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bb878b2216b7da1ea2b71042e52af2c3c271b8d533e65a4e5cbc663560b91a62
                      • Instruction ID: f3dcd70ac19e487a22e4c5bac1fdb57f2e4e5cc898b4009c47cd33d90097f84e
                      • Opcode Fuzzy Hash: bb878b2216b7da1ea2b71042e52af2c3c271b8d533e65a4e5cbc663560b91a62
                      • Instruction Fuzzy Hash: CA31E3B1C01218EFDB20DF99D985B8DBFF5FB19314F24841AE408BB254C7B99885CBA5
                      Function 07858DC8 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bf644f56c03d3e5dc3e656f55dbe79573725fe16f0013d3f9a59728035df3dab
                      • Instruction ID: d908ccf41602c2e577ae83a38bb7032ae5a6e93c295d6b008e0189de9c874fae
                      • Opcode Fuzzy Hash: bf644f56c03d3e5dc3e656f55dbe79573725fe16f0013d3f9a59728035df3dab
                      • Instruction Fuzzy Hash: 2D31F2B0C01218DFDB20DF99C984B9EBFF4EB19314F20801AE808BB254C7B99844CBA5
                      Function 07858C18 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e953b8d2c313bbe00196f3371d99a1f0d85ff15012e529cea7a7caa0e1d47754
                      • Instruction ID: e12f3516c6f0a18ece2f6c0aac4495c3bfb6029b48f3cc82f2da80e52c042c13
                      • Opcode Fuzzy Hash: e953b8d2c313bbe00196f3371d99a1f0d85ff15012e529cea7a7caa0e1d47754
                      • Instruction Fuzzy Hash: 82219DB5704210DFCB209F19C880E6A77BABF98720F05842EEA56C7B61D771F840CB65
                      Function 07859E51 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be4cacff3bf622f76c3612341993693681112c6e77648998503812fc57b7e134
                      • Instruction ID: 21ed2cd8e67017b71900beb401cf6862033f9363f88c353b1cabf2d50dc73d1a
                      • Opcode Fuzzy Hash: be4cacff3bf622f76c3612341993693681112c6e77648998503812fc57b7e134
                      • Instruction Fuzzy Hash: 341159B5704611DFCB20DE19C880E6AB3B6BB98620F55802EE94687B21DB71F841CB51
                      Function 07851ED0 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 86f2f72ec67d3faeed6022064361e0e2001e8583ddb5c0ddd44f114dba0f8665
                      • Instruction ID: 80493df9f89b53f0c252f870c7ee59fa795c6c91a8e8b77b02d057d8b6c8bbe8
                      • Opcode Fuzzy Hash: 86f2f72ec67d3faeed6022064361e0e2001e8583ddb5c0ddd44f114dba0f8665
                      • Instruction Fuzzy Hash: E211C2B67002068FD714CE1DD9C9B697BE5EF85720F1980B5E909CB7A2D739DC048780
                      Function 0785A418 Relevance: .1, Instructions: 61COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 624880780c3c3c1b17241d7852af0c7e45499480f27ae51a1d9b88a56c62b8e0
                      • Instruction ID: b7cc88260c373bd6a0ce49cd7fbd704195fcf45301378329d99771083a3519c7
                      • Opcode Fuzzy Hash: 624880780c3c3c1b17241d7852af0c7e45499480f27ae51a1d9b88a56c62b8e0
                      • Instruction Fuzzy Hash: 4121EF71E0020A9FCB44DFADC8449AFFBF5FF98310B10855AE514E7215E770A952CB90
                      Function 00B8D006 Relevance: .1, Instructions: 60COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2059754902.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b8d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d8f776a7fad8a16a0998c51439c027f1420915f164f3a981f3cfd4d2d5962887
                      • Instruction ID: 566368d775304d4d9cbfbd29ea705b6b424a3aea0ad8f6757449fb2241e1a6e9
                      • Opcode Fuzzy Hash: d8f776a7fad8a16a0998c51439c027f1420915f164f3a981f3cfd4d2d5962887
                      • Instruction Fuzzy Hash: 5321A4755093808FDB02DF24D594715BFB1EB45314F28C5DBD8498B2A7C33AD80ACB62
                      Function 0785A420 Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c6c2ebf5b7ab14083395c496db9e5cb311567d093e667d4b0d1a086f14e1f06e
                      • Instruction ID: ce51c9aed54c6b94e12243e679eb137dcee8fe04947236aa0cf97ee3e4b302a9
                      • Opcode Fuzzy Hash: c6c2ebf5b7ab14083395c496db9e5cb311567d093e667d4b0d1a086f14e1f06e
                      • Instruction Fuzzy Hash: 4B21BA71E0020A9F8B44DFADC8448AFFBF9FF98210B10855AE518E7215EB70A956CB91
                      Function 00B7D067 Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2059634123.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b7d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
                      • Instruction ID: 2d835e36c13f8578843b09bdba94029430d808973078808849dd708b5ddc0fc5
                      • Opcode Fuzzy Hash: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
                      • Instruction Fuzzy Hash: AB21CD76504280DFCB06CF00D9C4B16BFB2FF88314F24C6A9D9491B656C33AD826CBA2
                      Function 07858EA0 Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4f7cdacdf5c2faa2ad0a6cd8562a18683ceaba56f35f81292c4fd40bf7028825
                      • Instruction ID: 639abcb6f0302008523eb6d217ca4a631386481cad2eda8358141115c73d1eab
                      • Opcode Fuzzy Hash: 4f7cdacdf5c2faa2ad0a6cd8562a18683ceaba56f35f81292c4fd40bf7028825
                      • Instruction Fuzzy Hash: E2214772C00B4187EB109F59D840281B3A1FFA4324F1986BADD4D7B306EB75B984CAA0
                      Function 0785D020 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 998426b21e7db34da83ff5f1ac0140239fd367ea979986ad082020f6da103e19
                      • Instruction ID: 6c778ba879c92e4b291d172d68d4516c7951e2f31209cdb63bcc09d0db5a61e6
                      • Opcode Fuzzy Hash: 998426b21e7db34da83ff5f1ac0140239fd367ea979986ad082020f6da103e19
                      • Instruction Fuzzy Hash: C8118E707093559FC3028B38D414799BFB5AF86310F15C5EBD858C7693C6394856C7A3
                      Function 07853FA9 Relevance: .1, Instructions: 55COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 231a874cc735c498d6681def2d497ea794cd127af51bffdb39bb1adddd209939
                      • Instruction ID: a3b5ab676a29e0a88205eef16b2c2d7265ddd2a78c1c81c5472bb1c32c5cb74c
                      • Opcode Fuzzy Hash: 231a874cc735c498d6681def2d497ea794cd127af51bffdb39bb1adddd209939
                      • Instruction Fuzzy Hash: A01145763006008FC714DF2CE889D587BEAEF4965971444A9E50ACB732CB62EC45CB40
                      Function 07858EB0 Relevance: .1, Instructions: 54COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 44c39659d679ab0d22a75c19849ae80de4c37b4ae2de32ac758c9fd00c1a16a8
                      • Instruction ID: 78cc40780c2e26a3828a46dfe8dca691baa45a55bc83502dffe4802ec38b77d9
                      • Opcode Fuzzy Hash: 44c39659d679ab0d22a75c19849ae80de4c37b4ae2de32ac758c9fd00c1a16a8
                      • Instruction Fuzzy Hash: F7116A72C00B5187DB109F59D840281B3A5FFA5324F1986BACD4D3F306EBB57984C7A0
                      Function 07859528 Relevance: .1, Instructions: 54COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2ca324c206b21d06aafd55bbcbdac4963a7e082d35ee4645267bdc4cdbf6e4d7
                      • Instruction ID: b0f1b6b7f1baf3f8c779c2e0468016ac5e38f24343c6cd97c0fae0c629ba2d44
                      • Opcode Fuzzy Hash: 2ca324c206b21d06aafd55bbcbdac4963a7e082d35ee4645267bdc4cdbf6e4d7
                      • Instruction Fuzzy Hash: D311E9713007118BE754AB68D81179B77CAAB84708F14C41EE199CB7C2CEFAA9459BD2
                      Function 0D8E01BB Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f657f2a032e9df995c56b6bf314fe74d532e60e9b8b899d172786651a53421a4
                      • Instruction ID: e741e80e31f05fe6b8cbd6e0aeed1a7afa1030adfb0b57d62a263832d442944f
                      • Opcode Fuzzy Hash: f657f2a032e9df995c56b6bf314fe74d532e60e9b8b899d172786651a53421a4
                      • Instruction Fuzzy Hash: 91111974A04228CFDB60CF54CC45BD8BBB9BB4A704F1085E9D549AB281DBB45AC5CF40
                      Function 07858BD4 Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 07681c003c660f1f2d8c6ee11b465641c79c24ecf40fbda26225e0ba22d96be8
                      • Instruction ID: 381df099172f591a956783ee7350871b8acd0b98618f14c776dbd63b08ac04ee
                      • Opcode Fuzzy Hash: 07681c003c660f1f2d8c6ee11b465641c79c24ecf40fbda26225e0ba22d96be8
                      • Instruction Fuzzy Hash: 2D11DB703407105BE7446668D81579B76CAEB84708F10C42EE189CB7C7CEFAA94597D3
                      Function 0D8E02D5 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d7d72e001eb88e2343083873c6b77d37e8dd4fb9f4aae141c2de89ea557e97b1
                      • Instruction ID: c89c3ba7454a829f1236259547fadcdd529007edc36fd195bc9135f9192f4595
                      • Opcode Fuzzy Hash: d7d72e001eb88e2343083873c6b77d37e8dd4fb9f4aae141c2de89ea557e97b1
                      • Instruction Fuzzy Hash: D4112134809258CFCB65CF55D8487E8BBB8FB4A355F0099D9944EE7251C7B48A85CF11
                      Function 07852377 Relevance: .0, Instructions: 49COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9fdf9e2d81d70b28ba75e6fc30031cee79e2676cb95292d2f2e11035933800a8
                      • Instruction ID: f57eff282cebdff77f3de12ebdd63193897648bdd622e78c555c4edb3af5b8e3
                      • Opcode Fuzzy Hash: 9fdf9e2d81d70b28ba75e6fc30031cee79e2676cb95292d2f2e11035933800a8
                      • Instruction Fuzzy Hash: 9301C4726047058BCB05EF68E8808DEF7B9FFD5310B40866BE5589B125EF30D985CB81
                      Function 07858052 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9fe8d5aa6dbe2f8532b23386a82daf50f09670123e6ef543196fac9ebea308d2
                      • Instruction ID: 9e61bd87ae7f27b040de141837cf4a0e33a7d6c97784e96b572d184347da3557
                      • Opcode Fuzzy Hash: 9fe8d5aa6dbe2f8532b23386a82daf50f09670123e6ef543196fac9ebea308d2
                      • Instruction Fuzzy Hash: 16019271700205CFC718DF29F884E6AB7EAFF89201B18846AE40ACB365CB75EC01CB50
                      Function 0D8E0215 Relevance: .0, Instructions: 47COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 084dba2e146829af8f9facc81f9ee8b54346b8330900e3cdc92b1309e2c9de0d
                      • Instruction ID: 87b7c9cf4c4d72fa3da594340e20823119fdf48ade2c21138918e612988c3df2
                      • Opcode Fuzzy Hash: 084dba2e146829af8f9facc81f9ee8b54346b8330900e3cdc92b1309e2c9de0d
                      • Instruction Fuzzy Hash: 7611A274908218CFDB15CB95C940BE8B7F8BB4A349F149999E50DEB252D3B09A85CF50
                      Function 00B7D92D Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2059634123.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b7d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3802db784951bcaf4d1375efdb982b38048fd1dea9dba5c1c7123a1b7b0f9ff3
                      • Instruction ID: 5db436d212f75024ffb9760b13b97bf23b74d230c8b875f9fe205ca7b0ae8412
                      • Opcode Fuzzy Hash: 3802db784951bcaf4d1375efdb982b38048fd1dea9dba5c1c7123a1b7b0f9ff3
                      • Instruction Fuzzy Hash: 4B01A7711043449AE7108E15C9C4B67BFECEF853A4F18C4AAEE6D0A286C2799C40C671
                      Function 07858060 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cafc61432d44c4521c5a1109c56cb4527a957e41d70541b7e324711cedf391ea
                      • Instruction ID: 916179f0d9566b576380482426f76403cca6f610ede5fe697df80b2bfb2d40a6
                      • Opcode Fuzzy Hash: cafc61432d44c4521c5a1109c56cb4527a957e41d70541b7e324711cedf391ea
                      • Instruction Fuzzy Hash: 66017C707002158FC718DF2AE48896ABBEAEFC9611718886EE40ACB365CB71EC05CB50
                      Function 07853748 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5ada523dcd469b2a5c644cb621ec74eec768bbaca125759e50421252e1ad4b50
                      • Instruction ID: 6baa99bd3e84059598ff12e0263a7a34b4da8fc82a73ba1bb2afb7d89f60a34a
                      • Opcode Fuzzy Hash: 5ada523dcd469b2a5c644cb621ec74eec768bbaca125759e50421252e1ad4b50
                      • Instruction Fuzzy Hash: 9D018CB1A00709CFC325EF39C44059A7BF6AF92344B50C56ED8468B660EF30E981CF42
                      Function 0785AD70 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0e57b5503b590ee01cb4c08faa554c6915da38ca1060bda43f1d017f2bbca461
                      • Instruction ID: 20f1865590159c93e52ffbe00fe9e53b0d3f8babb0e5a2807f13cf0e3128f335
                      • Opcode Fuzzy Hash: 0e57b5503b590ee01cb4c08faa554c6915da38ca1060bda43f1d017f2bbca461
                      • Instruction Fuzzy Hash: B8018F75B102098FCB04DF69DC95AAEBBF9FF89350B00407AE905D7351EB34A904CB50
                      Function 0785ABE0 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9dd92a86ba45a67e292dd3efb7d315cfd24c30bdf01e87420afdae46826a0d7e
                      • Instruction ID: 4cdf27158bb8c7b2ef8225e25733bcd3dd8c2441398c29ab7dd81a1023fee9bc
                      • Opcode Fuzzy Hash: 9dd92a86ba45a67e292dd3efb7d315cfd24c30bdf01e87420afdae46826a0d7e
                      • Instruction Fuzzy Hash: 5F01D4302053008FC718DB19D880D2677E9EF91721B14C6BAE845CB365CB71EC06C755
                      Function 07853F3F Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2b6851b162b7397adc44b1c78ef62e4511de38c04a8704aa3d0bbb58e2675a29
                      • Instruction ID: f53084beb8858e17cd4bff2f6b1f2dd31d1d8ced5c5dfa2f1b14b27fb27181f8
                      • Opcode Fuzzy Hash: 2b6851b162b7397adc44b1c78ef62e4511de38c04a8704aa3d0bbb58e2675a29
                      • Instruction Fuzzy Hash: 4EF0C2723007015FC7149F6EF88595ABBEAEFC5261704897AE10AC7622CA65EC098790
                      Function 07853738 Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 42ab154fefd4dcc8a1d0ee6ee2552b96c251bd72b00197bd9f59bdb0ea15f9e1
                      • Instruction ID: ad24bc852135239a3f64f9704a982c3f85166570d1687166bfd6d8722cec7332
                      • Opcode Fuzzy Hash: 42ab154fefd4dcc8a1d0ee6ee2552b96c251bd72b00197bd9f59bdb0ea15f9e1
                      • Instruction Fuzzy Hash: 8A017CF1910705CFC714EF29D84469A77F6AF96354F40866ED842CB660EB30E981CB41
                      Function 0785A350 Relevance: .0, Instructions: 42COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7b46d59a3ce5178394611741bf784cbb030d1fe5ded40be973bf1b76e781d6af
                      • Instruction ID: b1f2d51e8cbad92841b2d919a057fb54242fd355e322f84cf8ffb84dfaee6ef7
                      • Opcode Fuzzy Hash: 7b46d59a3ce5178394611741bf784cbb030d1fe5ded40be973bf1b76e781d6af
                      • Instruction Fuzzy Hash: E3110CB0D14209DFCB09DF94D585AEDBFB2EF55300F109659E805FB210DB749982CB81
                      Function 00B8D333 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2059754902.0000000000B8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B8D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b8d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 37e913bedb91109d57b2d009721fe1f4a11c56689aa8b0d5809ad0b31e02e7ce
                      • Instruction ID: 0790412a728ad677e3779eee0b1f6a20a384af4822a3022e6e3193eddef1f61c
                      • Opcode Fuzzy Hash: 37e913bedb91109d57b2d009721fe1f4a11c56689aa8b0d5809ad0b31e02e7ce
                      • Instruction Fuzzy Hash: 5A018FB5504240DFCB04DF64E5C4A16BFA1EF84324F28C5AED8494F25AC23BE416CB52
                      Function 07851CC9 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3b36e0951b8e57953a1a15c387efe320ecae652cdf69c82523da5f08bc2d2ad6
                      • Instruction ID: eb25341c072c6fac927fc318b97fc0f86dbf0711cc39f33287b1eba47c31e0f3
                      • Opcode Fuzzy Hash: 3b36e0951b8e57953a1a15c387efe320ecae652cdf69c82523da5f08bc2d2ad6
                      • Instruction Fuzzy Hash: 64F062F2B001189BCB1AAB3DE45CB6D76AAABE5B51B144029D816C7750DF38C8028B92
                      Function 0785ABF0 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a2a9cb4d2d945901ab4ace2f1797590a0c7ce7afca37343fc572a0ad2beca8df
                      • Instruction ID: e6bffb08222cbeb8d3a78debf2caf14fbab68a4b94d5febe48e8d0c0fa838ca8
                      • Opcode Fuzzy Hash: a2a9cb4d2d945901ab4ace2f1797590a0c7ce7afca37343fc572a0ad2beca8df
                      • Instruction Fuzzy Hash: D3016D343042018FC728DA29E880D16B7EAEF95621B64C57AE909C7365CB71EC02CB55
                      Function 0785A731 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f891425bcc0be129d9cddb3043f893a7ce97df2dab9dafb69b6ebd291197df87
                      • Instruction ID: bd962bd7aa0cfa8a104462f97d06c6fbc99f09de2ffb8d9ddd281e816b7c05dd
                      • Opcode Fuzzy Hash: f891425bcc0be129d9cddb3043f893a7ce97df2dab9dafb69b6ebd291197df87
                      • Instruction Fuzzy Hash: 82F0F476510109AFCB04EF24D884CAEBF78EF96354B01C256E9049B211E631DD09CBB2
                      Function 07851588 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 164e95227f452751415d434f639da858e4cccfef6d74f2eb30c827ed54e7c143
                      • Instruction ID: f1f03a8d630d46b3dc9ee429c55b1d88737f10e9d0553032db07749b8be3d008
                      • Opcode Fuzzy Hash: 164e95227f452751415d434f639da858e4cccfef6d74f2eb30c827ed54e7c143
                      • Instruction Fuzzy Hash: 62F0B4B1B1411E8BDB149A2E885CB7A72DA9FD6756B044029AC03C3294DF20D802CA91
                      Function 07853BB8 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 35d6e815b311d46b3fe111509a03aa5017aff37396df4c47a571684002e50525
                      • Instruction ID: 588e0b0aab44301a781fedcf8ced26091e365f54f43800dd5555268eba57799f
                      • Opcode Fuzzy Hash: 35d6e815b311d46b3fe111509a03aa5017aff37396df4c47a571684002e50525
                      • Instruction Fuzzy Hash: 1DF068362006009FC614AB29E845A5AB7BAEFC9725B504519E50987761CF35EC42CB92
                      Function 0D8E046D Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e9c787c05cb4115a8face14ec945664bcec4f26135d8c2fa07310622960d3cd3
                      • Instruction ID: 5c93bf8647def1a3909a05436850ae3d2f57dd1550bb12daa30c00903e7ad607
                      • Opcode Fuzzy Hash: e9c787c05cb4115a8face14ec945664bcec4f26135d8c2fa07310622960d3cd3
                      • Instruction Fuzzy Hash: D2011674904218CFDB14CF54C940AECBBF8EB4A349F54D4A9D409EB202CB30AA82CF90
                      Function 0785A733 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be5f3a4065ef57cd70f75e6dc9ee3a97f386e28d9ed2fd56a8551d1a3e0ac7f8
                      • Instruction ID: d5c87655b5cbaf5ac0e219c1f7b264a628ddb59378f92491ebf3c941b71a3d78
                      • Opcode Fuzzy Hash: be5f3a4065ef57cd70f75e6dc9ee3a97f386e28d9ed2fd56a8551d1a3e0ac7f8
                      • Instruction Fuzzy Hash: A1F0A4755101099FCB04EE54D884C9EBB78EB85355F018216E9049B210D631D949CBA2
                      Function 0785BE54 Relevance: .0, Instructions: 38COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4eb6b424c6a516476e96a6a69914ff5161a55a3f426280f54b1605d960326d25
                      • Instruction ID: 4a36b2581899a243d7dc1c6d0b9707d1ba5ac85d270606656dfa38d18fd49e87
                      • Opcode Fuzzy Hash: 4eb6b424c6a516476e96a6a69914ff5161a55a3f426280f54b1605d960326d25
                      • Instruction Fuzzy Hash: E60108F180021ADFDB14CF6AC4097AEBFB5AF15364F188629E924EA290D7744A80CBD1
                      Function 07851D5F Relevance: .0, Instructions: 38COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f3ecbb2688ce47ef4add1a6e6dcbce355304f2227c903160e78e4f9c388c374e
                      • Instruction ID: 1d627e00bc8c3e217f06f7f2981676c90e50b99cfac836ee25795e5e8bbfd6cf
                      • Opcode Fuzzy Hash: f3ecbb2688ce47ef4add1a6e6dcbce355304f2227c903160e78e4f9c388c374e
                      • Instruction Fuzzy Hash: 0FF090B170011A8BCB24AF2AD48CBB937A9AF96B56F040169E803C7654CF20CD07CB91
                      Function 0D8E0422 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3c78e733898f5b43fe713e5164b01a1903e6693354ab339219dfc89d9b0c5f46
                      • Instruction ID: b8c379b999959e4ba7aa42361c0588293de60cbd743a9958229c5ed00814fa24
                      • Opcode Fuzzy Hash: 3c78e733898f5b43fe713e5164b01a1903e6693354ab339219dfc89d9b0c5f46
                      • Instruction Fuzzy Hash: 3B012874904218CFDB14CF65C940AEDBBF8EB4A345F14D4A9D50DEB202C730AA85CF90
                      Function 0785A73B Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a62b261e704743ba1b0fd5ad43ba4eb2a4d27e665c91e9655ae97879610758d8
                      • Instruction ID: 518e280636ebe2fcc0ff81d27acc2e2b5448796cc21d28a6d75e90101163d6bf
                      • Opcode Fuzzy Hash: a62b261e704743ba1b0fd5ad43ba4eb2a4d27e665c91e9655ae97879610758d8
                      • Instruction Fuzzy Hash: 58F0627660010AAFCB04EE65D984CAEBB79EFC5355B018259E9046B311E731ED49CBB1
                      Function 0785BEF0 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5836820fdc6d6a274a6cb6b63a69366a813d390374e6d8faf1a4bca8f2c8eee8
                      • Instruction ID: 0f81223a2d0b40e6ac6461df6ca2c09a55c1d785b9c31b47965161776f12fa42
                      • Opcode Fuzzy Hash: 5836820fdc6d6a274a6cb6b63a69366a813d390374e6d8faf1a4bca8f2c8eee8
                      • Instruction Fuzzy Hash: 17F0F8B67041186FD304DB6AEC85E6BBBE9FBC8660B65806AE508C7311DA319D01C7A4
                      Function 07853B38 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d5b995cbbf6f51289cf9f6a827c669a333613284d51d43b86bf8c7547541d054
                      • Instruction ID: 777185706d4d8b8e5f0e9d23179285b3ca6824c89f4d02912e9c119d54303e39
                      • Opcode Fuzzy Hash: d5b995cbbf6f51289cf9f6a827c669a333613284d51d43b86bf8c7547541d054
                      • Instruction Fuzzy Hash: 2201A475A00B05CAC706BB78E4042EDB772EFD12A5F044A6DCC559B650EF30A582CB93
                      Function 07853B48 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2148535366b1c38af0e76829a074535caded8196e65d31a8278f4f44158809e9
                      • Instruction ID: 2cbcad17b1c5745f16c2631e805bbf322847036da6a55b65c8ef4fa7d711a8b9
                      • Opcode Fuzzy Hash: 2148535366b1c38af0e76829a074535caded8196e65d31a8278f4f44158809e9
                      • Instruction Fuzzy Hash: A9F06271A00B05DBCB167B7994044EEB775EFD1265F05466DDC459B200EF30A582CAD3
                      Function 07851119 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ef50d05ed0db4ebcf7ee1dcbf7b16ee68f596f2d1e4b219b9b715fd0b002a370
                      • Instruction ID: 28d5e254f04fe538db091cde46420d2e4b4fb715723bc1b7bd51901ddd714064
                      • Opcode Fuzzy Hash: ef50d05ed0db4ebcf7ee1dcbf7b16ee68f596f2d1e4b219b9b715fd0b002a370
                      • Instruction Fuzzy Hash: F201C471E00209DFCB40EFA8C94599DBBF4FF49200F15819AE458EB321E770AA44CB91
                      Function 00B7D92C Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2059634123.0000000000B7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B7D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_b7d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0df66a12e2d39d08cced8719ca53329e4cd12ea3735eb23c2459513a6836a504
                      • Instruction ID: a90dd38dbb2df03a0570c2553ad5bc4de877b5e245782487633503e9dbec5004
                      • Opcode Fuzzy Hash: 0df66a12e2d39d08cced8719ca53329e4cd12ea3735eb23c2459513a6836a504
                      • Instruction Fuzzy Hash: 1DF062714043449AE7108A16C888BA6FFE8EF96764F18C55AEE5C5B286C2799C44CA71
                      Function 0785A740 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0648772f97027ee72434f07780e4e11f829db9484f7c7f4320cad81cd2d9e2ab
                      • Instruction ID: 8bb3f2a13b97333bd4dea6bf1a6c7798a391fcdb5dbadef5941a24dde81bd397
                      • Opcode Fuzzy Hash: 0648772f97027ee72434f07780e4e11f829db9484f7c7f4320cad81cd2d9e2ab
                      • Instruction Fuzzy Hash: 7EF06275600109AFCB04EE65D984C9EBB78EFC5355B018259E9045B210E730ED49CBB1
                      Function 07851CD8 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 67f756cfdc0017e87306cb57f954068b1ee52c9c88b0cc6a6728897638609d7d
                      • Instruction ID: 1200e6516643a6404c3bf4a1d37687e9b58e777bfcd88276778835d4c60792fb
                      • Opcode Fuzzy Hash: 67f756cfdc0017e87306cb57f954068b1ee52c9c88b0cc6a6728897638609d7d
                      • Instruction Fuzzy Hash: 9DF05EF1B00618878B19AA3DA41CB6D72AA9FE5B51B14403DDC16CB390DF38C8028B93
                      Function 0D8E03AC Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f0ebae63521393c09f82ea632a9b348cd5856a2f5f99aeafb1f9e9c697e46f03
                      • Instruction ID: 42d8318c2e51a01cbb8e990bd665dfa6f81858f7df57b3ae0656ff0566d2438b
                      • Opcode Fuzzy Hash: f0ebae63521393c09f82ea632a9b348cd5856a2f5f99aeafb1f9e9c697e46f03
                      • Instruction Fuzzy Hash: 3701FB3880422CCFCB61DF51C884BE8BBB8EB4A355F14C5DA940DA72A1C7749AC6CF50
                      Function 0785BE60 Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 715d323645e9a39e93f4fc802acb60d12d5607da5cc894256e8a2459d4c21492
                      • Instruction ID: f5becbd3a88f37c3deead72251185b86cb46d66b5b19f06c8942d63e38628ef5
                      • Opcode Fuzzy Hash: 715d323645e9a39e93f4fc802acb60d12d5607da5cc894256e8a2459d4c21492
                      • Instruction Fuzzy Hash: C201A8F0800619DFDB14DF6AC4087AEBEF5BF59364F248629E924EA290D7744A44CBD1
                      Function 07853BC8 Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ccdf1b031426beac8322ef58c622b91c6b272042e4ee25128cfbcf6ce04eab7c
                      • Instruction ID: 46e24ea8060a32cbbca76789135e9d48741fdc696c094164f75aeda74e784867
                      • Opcode Fuzzy Hash: ccdf1b031426beac8322ef58c622b91c6b272042e4ee25128cfbcf6ce04eab7c
                      • Instruction Fuzzy Hash: 74F089713007008FC624AF1AD84495EB7BAEFC9725B51456EE50A87721DF35EC42C792
                      Function 0D8E0457 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 26033011697f557bb244655b06f8bf0a79a2ff86da29df394b3c671fa513ded1
                      • Instruction ID: 6c451e0d7d6b2ef202f0896c75094e12f93ff3037321c8d2a474bc1474c9fc14
                      • Opcode Fuzzy Hash: 26033011697f557bb244655b06f8bf0a79a2ff86da29df394b3c671fa513ded1
                      • Instruction Fuzzy Hash: 4F01F239908228CFDF61DFA0C8407ECBBF8BB4A344F109499D549A2242C7759A85CF40
                      Function 07851128 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                      • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                      • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                      • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                      Function 0D8E0321 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 977f5b9db07b3b3173b898dddd2fc5cae0ce89c59b51e9a911d091798a5be639
                      • Instruction ID: 05ee78699e091130f3487fb93519a7cebf589adf8a8bc39b3d452c7731be22b4
                      • Opcode Fuzzy Hash: 977f5b9db07b3b3173b898dddd2fc5cae0ce89c59b51e9a911d091798a5be639
                      • Instruction Fuzzy Hash: A2011D34809398CFCB16DF64D8493E8BBB8BB4A345F0459D6D449E6291D7B849C4CF01
                      Function 0785BF00 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 205efee42210dee7f4f4e6e1c876c1be7cbcf5e8145320bf41ffc13e284cad65
                      • Instruction ID: 44e53ed728bce769b19e058925db1560d0edab2a3b2a65f444af9d3825cdae9e
                      • Opcode Fuzzy Hash: 205efee42210dee7f4f4e6e1c876c1be7cbcf5e8145320bf41ffc13e284cad65
                      • Instruction Fuzzy Hash: 6DE039727001286F93049A6ED884C6BBBEDEBCC670361807AF50CC7311D9319C0086A4
                      Function 0D8E1738 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1eadc8c7716dfe0a1cd23d40ed31fdb8d7b8fdf2818f6e1f821115c5f3c285b8
                      • Instruction ID: 75a11d2872680f123006865c6d6c85d9f386588196ba55641f9a6475b985d49f
                      • Opcode Fuzzy Hash: 1eadc8c7716dfe0a1cd23d40ed31fdb8d7b8fdf2818f6e1f821115c5f3c285b8
                      • Instruction Fuzzy Hash: C7F06DB4A103569FCB15CF69C444AAEBFF2AF09B64F144699E111DB281DB35D142CF80
                      Function 07859630 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d52e3fb39b49e94831d3bd8edd1cc5d586175ae361c496ce173764e64e38f395
                      • Instruction ID: 9d8f355c90248e6f633f1d073ba37e0567f0be0e5a41ceed19f3b1a479044f2f
                      • Opcode Fuzzy Hash: d52e3fb39b49e94831d3bd8edd1cc5d586175ae361c496ce173764e64e38f395
                      • Instruction Fuzzy Hash: 7BF0F8B16147058FDF28DF18D5829957BE5FB552587210A69E82ACF302E776E8038B84
                      Function 0785F3A8 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2cc7660871244d29bc841de313735ae13149e1417c5a0c60a8fc88b587c75f1b
                      • Instruction ID: 4db22e2b0fd9d486e89cfb6eb77c02e1ebd8b7b0c5d18fd64e3da2815c82ab01
                      • Opcode Fuzzy Hash: 2cc7660871244d29bc841de313735ae13149e1417c5a0c60a8fc88b587c75f1b
                      • Instruction Fuzzy Hash: 31F03AB4D19248DFCB04DF74D5456ECBFB4AB4A211F1085D9D909A3241E7784A01DF91
                      Function 0D8E051D Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 61ed1e1d61ec9dba55926eacda5a5b8a0c6b08b58eff78fce4df91fd033f5030
                      • Instruction ID: 7f5875fb9d0c5a14677f3e143fcabd3f3938a2f99378b277ef2e747d2b019bd5
                      • Opcode Fuzzy Hash: 61ed1e1d61ec9dba55926eacda5a5b8a0c6b08b58eff78fce4df91fd033f5030
                      • Instruction Fuzzy Hash: 67F03A319082588FDB52DFA0C8906F8BBB8FB0A344F1085DAD849A7152C7359A86DF50
                      Function 0D8E1748 Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2a8439f810c4182115fd19a6bf8e1eb06d2c6a69cbba56037fd2cf140117f1fe
                      • Instruction ID: 94ad491e9bd13d5e634d56563d430caebacdf9ddcdd2d8775067da1fcb2df1db
                      • Opcode Fuzzy Hash: 2a8439f810c4182115fd19a6bf8e1eb06d2c6a69cbba56037fd2cf140117f1fe
                      • Instruction Fuzzy Hash: E6F017B4E0030A9FDB44DFA9C805ABEBBF5AB08600F1085A9E908E3300D77485408F90
                      Function 07853FB8 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a48b438a1cd42e2bf97361a70cd474e3a8a162fc9df9db98e11e666f993bbc4f
                      • Instruction ID: 8460845a1541542c77a8fbd4dce4d6c67eaad916a4a605b825a7e3f4d6a8d71d
                      • Opcode Fuzzy Hash: a48b438a1cd42e2bf97361a70cd474e3a8a162fc9df9db98e11e666f993bbc4f
                      • Instruction Fuzzy Hash: FAF0DF30240610CFC718DB2CD588C597BEAEF4AB1971145A9E50ACB732CB72EC40CB80
                      Function 0D8E2DA8 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a3192142063c7db97a19e1c15b9653006a5e85e6a5183f3cac4e46572cfeecb
                      • Instruction ID: 4fd7a2d97f51ef22c3a137c9b19065ec614f54413cf06f45fd0ddece72769181
                      • Opcode Fuzzy Hash: 8a3192142063c7db97a19e1c15b9653006a5e85e6a5183f3cac4e46572cfeecb
                      • Instruction Fuzzy Hash: FEE0DF3531A3196BC7124B2AF4446A5BBB9FFC7791719025AE55AC7200CF658C12CBE1
                      Function 07859622 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 265de831f4fecab77a276927d203c5c47dc867260565e1669519d4ded4611883
                      • Instruction ID: 1acf70b1a945101bb44dd7c8dbe5bfc586e676547be9b09772a15b8dd86f0e2a
                      • Opcode Fuzzy Hash: 265de831f4fecab77a276927d203c5c47dc867260565e1669519d4ded4611883
                      • Instruction Fuzzy Hash: FCE09271614249DFDF29DF08E942A553BDAF752258F141669E803CB205EB6AF802CBC4
                      Function 0785F3B8 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fa71181d1772399a4cb20d57dfc1b4540f4438f597aba79b7f6e47c5cd74f62b
                      • Instruction ID: 5eb3c336207d74b81902d13d19dbc28105edfe915f779fd28f137dd050acfe3b
                      • Opcode Fuzzy Hash: fa71181d1772399a4cb20d57dfc1b4540f4438f597aba79b7f6e47c5cd74f62b
                      • Instruction Fuzzy Hash: 59F039B4E09208DFCB04DFB8E5495EDBBB4AB8A301F10C5A99909E3340D7745A01DF80
                      Function 0D8E0266 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: df3fd6c8b4c6cd413dd6cd780c78289f7364b51e1957cd89ffae2060960cbf67
                      • Instruction ID: 1e15c86964d64c2fb51336d170356941ca2a820b08809c774850e6e50be9ff97
                      • Opcode Fuzzy Hash: df3fd6c8b4c6cd413dd6cd780c78289f7364b51e1957cd89ffae2060960cbf67
                      • Instruction Fuzzy Hash: E0F0AF75904218CFDB54DF54C940BE9BBF8FB49305F14849AD809E7241D736AE85CF40
                      Function 078597FA Relevance: .0, Instructions: 24COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ac80c4102abee4077320cab5adb4920208a68589488494dbcc068aeec2f13f9c
                      • Instruction ID: 55ece25ce33cc6f07d49c8f9eb361e38b2217db04f4f06186ed8eef25072a6fe
                      • Opcode Fuzzy Hash: ac80c4102abee4077320cab5adb4920208a68589488494dbcc068aeec2f13f9c
                      • Instruction Fuzzy Hash: D7E0CD733100109BD3049A5FF845FDA77EDEBCDA2471500A6F209C3320DA55EC024790
                      Function 0D8E057D Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5d27c71a087cc9fab2c7a1a36358d4393107cad96ffbad9ac6b3f3ad98825364
                      • Instruction ID: 9713a705a959c34ba5d420d359c04d5c854f16f9adc4cefe21c5030a617d4e68
                      • Opcode Fuzzy Hash: 5d27c71a087cc9fab2c7a1a36358d4393107cad96ffbad9ac6b3f3ad98825364
                      • Instruction Fuzzy Hash: ECE0C93590521CCFCB26CF51C9447F8B7B9FB8A389F04D499840AA6255C375DA86CF40
                      Function 0D8E16E0 Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 826aa874a28fb1808189061ca7dafa3c85f7f024ca8ceadf1ad6f9b7da6dbbd7
                      • Instruction ID: 9cab3c454fcd1aa2eab96c1d33958fcc4386724cd46eb755d9df7bbc62434008
                      • Opcode Fuzzy Hash: 826aa874a28fb1808189061ca7dafa3c85f7f024ca8ceadf1ad6f9b7da6dbbd7
                      • Instruction Fuzzy Hash: 9CE092B4E04255DFC350CF68C944A49BFF1AF05798F258A95C065DB266DB798102CF40
                      Function 07851C90 Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c5b5ac8d8d31342a20baced1107e8a0ad6151a04969fd321afed2df13e873dd2
                      • Instruction ID: e507c8b1e623205b8edd293cbb394c0e8cc9c97dac18bfe461d125e8e00d2a2f
                      • Opcode Fuzzy Hash: c5b5ac8d8d31342a20baced1107e8a0ad6151a04969fd321afed2df13e873dd2
                      • Instruction Fuzzy Hash: FFE086317006049FC71CCF1CF884A85B7F9EF48310B2586A9F009CB768DA71EC068B40
                      Function 078594EA Relevance: .0, Instructions: 21COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6784432346ac65a16942ecdb34f84c816211c2493901aa14868770bb0b5e5c1f
                      • Instruction ID: a4ca85428317bf88306ca692db99e3507d6d920747ad729a716fb73ef16f17aa
                      • Opcode Fuzzy Hash: 6784432346ac65a16942ecdb34f84c816211c2493901aa14868770bb0b5e5c1f
                      • Instruction Fuzzy Hash: 2FE0C2323006145BD3089B4DE811BC777DE9B89740F08C07BE50DCB780DAB9AC004B96
                      Function 0D8E0992 Relevance: .0, Instructions: 20COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6a99c1d8e77145e7e983ac0f1b97949803d6da0d2363f9e031bad9a8225eb3ed
                      • Instruction ID: aed49cf975d5b821435b1f692e0b50de4dbdc25c094afd7861491bee59e38f55
                      • Opcode Fuzzy Hash: 6a99c1d8e77145e7e983ac0f1b97949803d6da0d2363f9e031bad9a8225eb3ed
                      • Instruction Fuzzy Hash: 3BE0E5759002189FDB40DF90CC85BE9BBB9FB49301F148099E609E7291D6369A85CF50
                      Function 0D8E2DB8 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c5873c5fe562c23656817bc0c1a74e2c427e5cc360a807ff6f41a5bc87cf12ab
                      • Instruction ID: 323232d79800d7472f1875d190be845e83c32780a728611d7ebe7030602b7c0f
                      • Opcode Fuzzy Hash: c5873c5fe562c23656817bc0c1a74e2c427e5cc360a807ff6f41a5bc87cf12ab
                      • Instruction Fuzzy Hash: 7FD0A73630672C63C6241A5BB4086BBB79EFFC7B62708022EF50AC3300CE669C0086E5
                      Function 0D8E0ED0 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c2236f313e2bb98179edba27f53e452ec8cae72be91c22a2042335756bc42fc5
                      • Instruction ID: d5af14dbfb7fd7a59c7a94ba6d10d8725fe45dcf1519d9e20bb7dc0029ef666a
                      • Opcode Fuzzy Hash: c2236f313e2bb98179edba27f53e452ec8cae72be91c22a2042335756bc42fc5
                      • Instruction Fuzzy Hash: C9E0C23090A2C58FDB46DBB899553EA7FB09B02205F1445EBE804C7292E7744B44DF61
                      Function 0785D5BD Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9c5d8ab118cd8d7e8b8fb275220ea2b222bfb23444c16089f9279d28a851fdae
                      • Instruction ID: 899663b4be31fe04fa9ba299dc7cff616a3d5b02f9fa629d3492bf3b5dcd1677
                      • Opcode Fuzzy Hash: 9c5d8ab118cd8d7e8b8fb275220ea2b222bfb23444c16089f9279d28a851fdae
                      • Instruction Fuzzy Hash: 55E0C9B0E04228CFDB15DFA9C940B9EBAB2BB95300F00D09AD506A7254D7345D458F62
                      Function 07851CA0 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3ffd5a0a96046ffcb3cfaa54b557853e76a1364f9d49182172df9397f03bc71b
                      • Instruction ID: 967cc976f603a555e4a09118d5f11ceca053472fcc3e273af815519fd77ee19e
                      • Opcode Fuzzy Hash: 3ffd5a0a96046ffcb3cfaa54b557853e76a1364f9d49182172df9397f03bc71b
                      • Instruction Fuzzy Hash: 97D017303107149FC728DA1CE840D9AB7EEAF8822032486A9F009C7760DA61EC058684
                      Function 0D8E0417 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e9eeb61ce2c416417ef6a8c5cb9d604ef1c7410f87638cad30d5fa251efebc95
                      • Instruction ID: 85ced96c35f57f6d4b37b360934ae58aa5f36687db2301d085271084fdc6709c
                      • Opcode Fuzzy Hash: e9eeb61ce2c416417ef6a8c5cb9d604ef1c7410f87638cad30d5fa251efebc95
                      • Instruction Fuzzy Hash: 5EE01274A08218DBDB55CF94CC90AACBBBABB8D314F20C0699509AB245C632A982CF40
                      Function 0D8E16F0 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4686a563ab561a486a52a08524799bf6c20116f57c0b23933ea67bce819150a9
                      • Instruction ID: 4143cc8c840ff693bbbb68136d82d18edab47d10ea69a7c2277a96bc8e4eb1d4
                      • Opcode Fuzzy Hash: 4686a563ab561a486a52a08524799bf6c20116f57c0b23933ea67bce819150a9
                      • Instruction Fuzzy Hash: 7DE012B0D0021ADFC780EFB9C908A5EBBF0BB08640F1084A9C018E7211E7B48A018F81
                      Function 078594F8 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4542bdfdc4a94527d7560a474cd22ce18ff52ea15e668d902ed0bb27cd7e19f3
                      • Instruction ID: c7ff2a0f01b4bdc8a0051fb6170f6424b6fb87accac71359b296f16e3a179f47
                      • Opcode Fuzzy Hash: 4542bdfdc4a94527d7560a474cd22ce18ff52ea15e668d902ed0bb27cd7e19f3
                      • Instruction Fuzzy Hash: 3CD05E713046145BC709664C9410B9B76CE8FC9750F15807BE50D8B781D9A59C0007D7
                      Function 0785A3A1 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3b9ce7fedcaa1c1c11244eff249178807a02fcc7adf8069d16b81496fd8a4412
                      • Instruction ID: 9c6f119bf8899fc1ae85d0053d258f4cf0f0f052e8bdd187e33d2e4829117086
                      • Opcode Fuzzy Hash: 3b9ce7fedcaa1c1c11244eff249178807a02fcc7adf8069d16b81496fd8a4412
                      • Instruction Fuzzy Hash: 5EE08CB0560109DBD718AB80D48A3FDBFA2EB22315F10861AE803E6690CB780902DB42
                      Function 07859808 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 85671553062c9aa13b42bd6923878ee047c6cee662fbef5df38b59960d152e2e
                      • Instruction ID: f1af6fc32f140abd60ef3261981c1299871547670f7530c39e5e8828ea3c0f9d
                      • Opcode Fuzzy Hash: 85671553062c9aa13b42bd6923878ee047c6cee662fbef5df38b59960d152e2e
                      • Instruction Fuzzy Hash: CAD0C7323105145F87049A5EE444C5BB7EDEFCDA2131540BBF209C7331DE61DC028794
                      Function 0785AD37 Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4fad1d291f89073bbea192c6f9e3f7596744bc4758bf2bdad1b547920e4b5869
                      • Instruction ID: b826e0157036d10b578980526349ff435d95df5cfb1f5699be5d22cb0f8fe55b
                      • Opcode Fuzzy Hash: 4fad1d291f89073bbea192c6f9e3f7596744bc4758bf2bdad1b547920e4b5869
                      • Instruction Fuzzy Hash: 2FD05B725241004FD348FF39DC4678E7BF67B54740F48C435D584C2204DA395119C711
                      Function 0D8E072C Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9b064456bf100c1219d8ec31929e10a8be3bac588af260de89ce7b5f33e15429
                      • Instruction ID: 71fed53b26f69030e6ce667414db633b5352961100a3ab19a9c2f447a90260b3
                      • Opcode Fuzzy Hash: 9b064456bf100c1219d8ec31929e10a8be3bac588af260de89ce7b5f33e15429
                      • Instruction Fuzzy Hash: D9E0B634A09218DFCB51CF94DC90B98BBB5FF4D314F2484999949AB295C632A991DF40
                      Function 0785AB30 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2d897f4ca8b05dd776985d56cebd5cf9ba1b27ad9a34f0801df401463dc07e27
                      • Instruction ID: c29e271475c3de05a972a431bf892af237a83edcd6a6ddb153634ed83176a210
                      • Opcode Fuzzy Hash: 2d897f4ca8b05dd776985d56cebd5cf9ba1b27ad9a34f0801df401463dc07e27
                      • Instruction Fuzzy Hash: 7BD05E32140204EFDA80DF98DC81F5573B9E718620F809110FA448AA00C239E852DB51
                      Function 07854A20 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1deb854c075a1e5947c488947d689ca5e608f490693bb9d692d28aaf24ed743c
                      • Instruction ID: d5275906682a2dc4f73972875de76353e6d8bd0defd5ff23b7154ba5932a1045
                      • Opcode Fuzzy Hash: 1deb854c075a1e5947c488947d689ca5e608f490693bb9d692d28aaf24ed743c
                      • Instruction Fuzzy Hash: 2AD0A97123420B83EB995AA6A405A2A7798AB00208F040028F80EC2800FA62E882A105
                      Function 0D8E0EE0 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c01bb11777525a836e241fccbeb53da8c0a73822a4d92c70010823acbe5d70f1
                      • Instruction ID: ee678a2dc580fa605959868386f11a66b9f960c372480ad7d196cf4b61dcc56d
                      • Opcode Fuzzy Hash: c01bb11777525a836e241fccbeb53da8c0a73822a4d92c70010823acbe5d70f1
                      • Instruction Fuzzy Hash: C3D0A730C511089FCB44EBBCD90675D7FB49700201F1044B8980493240E7704A50DB91
                      Function 07859E20 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 73edf2ffa0409aaabd6a8f2a2f1c7cac5d8ff181b08cda11be13b19e0964f59e
                      • Instruction ID: b1c2f102aea4c4e9b43e935aca2d79021daab1d8eca892838c65cc6f404fb372
                      • Opcode Fuzzy Hash: 73edf2ffa0409aaabd6a8f2a2f1c7cac5d8ff181b08cda11be13b19e0964f59e
                      • Instruction Fuzzy Hash: EED09233004108BBEB41BA81DC02F59BB6AEB14254F288145F61949162D277E9269F91
                      Function 07854A0F Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43917705e845da4e9db012fcc92c35bfb613c78aadce0b18c7913ba6fc135b5f
                      • Instruction ID: 37d2dfd56da89649c13c58737f64d75a8121ce2550acb1e3c153b716c5dc8717
                      • Opcode Fuzzy Hash: 43917705e845da4e9db012fcc92c35bfb613c78aadce0b18c7913ba6fc135b5f
                      • Instruction Fuzzy Hash: 7ED05EB612A3C687EB59AF67A449B2E7F64AB52608F08449DDC8FC6402FA35C442D606
                      Function 0D8E087B Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 10bd43bab260bc9af4f024e03a42e89f7a39505ddd4a8cb45506dcbc92d885ef
                      • Instruction ID: a105e081b013a8335c564e2710979350b91a597c548eff5ca36610bf8372416c
                      • Opcode Fuzzy Hash: 10bd43bab260bc9af4f024e03a42e89f7a39505ddd4a8cb45506dcbc92d885ef
                      • Instruction Fuzzy Hash: EBD017B4809618CFD713AFB4D84C3E8BBB8FB1A306F0469E9940EE7210D37849408F12
                      Function 0D8E17E8 Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2094fe7d2cd77968e8027dc49eddca745f6b433ccb762abfa490b191ebc5633d
                      • Instruction ID: 22bbcf201343568b4f3da75646c78f8d90ae5944720c0fa8198d6b40ac4106b6
                      • Opcode Fuzzy Hash: 2094fe7d2cd77968e8027dc49eddca745f6b433ccb762abfa490b191ebc5633d
                      • Instruction Fuzzy Hash: 86D0123615820C5E4B80EFA9F880C56BBDCEB256503468462F548C7021E621E474EB52
                      Function 0785D0A0 Relevance: .0, Instructions: 13COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2add4da31a36752ec43f49ba84ef29bcbb54d9f2a0e8f0b05357b7e9b5900c0f
                      • Instruction ID: 4926e674082fc57309467536380baf6de1f1fea80e3829268bcbdfc42923f0c0
                      • Opcode Fuzzy Hash: 2add4da31a36752ec43f49ba84ef29bcbb54d9f2a0e8f0b05357b7e9b5900c0f
                      • Instruction Fuzzy Hash: D2C012B05552089FC740DEB9D4096597AE8D705216F004454EC09C3140D6755410DB72
                      Function 0785D555 Relevance: .0, Instructions: 12COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c4c16d1111a427ab21ef5918aad3e71ab0a2cb3797c7bec57a0174aacd6ad8e6
                      • Instruction ID: 8c004fed2476abd3530d4e420c3cb2181eeb4f4932dc5628150c01993671a2a3
                      • Opcode Fuzzy Hash: c4c16d1111a427ab21ef5918aad3e71ab0a2cb3797c7bec57a0174aacd6ad8e6
                      • Instruction Fuzzy Hash: 30D0127095111A8FCB94DF68DA80B8CB7B5FF89201F009564D809E3228E7385948CF14
                      Function 0785AB40 Relevance: .0, Instructions: 11COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a2492d6e2e2df4a365880e72eb70f6d55902aee66bac000484197d1efbbba23f
                      • Instruction ID: c43e9e5a3fb30361d9c00ea95f286018a7c6c844287ad250ffdeab496515a9b4
                      • Opcode Fuzzy Hash: a2492d6e2e2df4a365880e72eb70f6d55902aee66bac000484197d1efbbba23f
                      • Instruction Fuzzy Hash: 4FC01236200208AFDA80AA98C800D56B7A9AB18620F50A041BA084A241C272EC62DBA2
                      Function 07859E30 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7282bd47c7fc59473d99393943301e2e415b0767e717727f804e189d92327ef9
                      • Instruction ID: 18ac9257637db705b869dd6c65329ff1e76af44fca3149dcd01ea7c4f888c043
                      • Opcode Fuzzy Hash: 7282bd47c7fc59473d99393943301e2e415b0767e717727f804e189d92327ef9
                      • Instruction Fuzzy Hash: 03C01232000208BBCB426A80C800E09BF2AAB142A0F148045FB040D061D273D922AB81
                      Function 07858C63 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 24f7061a0033b24c5353d9da825a08cab79ea53f4d35b6a0dfa2b2b8d1a12a46
                      • Instruction ID: ffd75371b744ceb5b3e8aa563f6e26e7a1652b6a843c698790fe22d9fb3149b2
                      • Opcode Fuzzy Hash: 24f7061a0033b24c5353d9da825a08cab79ea53f4d35b6a0dfa2b2b8d1a12a46
                      • Instruction Fuzzy Hash: E9C08C7A0500049A8680A70889C0CA5BA94FF65304B0088A3E504C6030CA21C81CDB02
                      Function 0785B3CF Relevance: .0, Instructions: 9COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c403bea1af9735d5c782d78b81026c19a77aff9ffc6f4d5535c2e05d6c6ca982
                      • Instruction ID: 0a9aedfd6a84889b0fea262f2baabe297ec3276223112f9aba4a453cef83c0f2
                      • Opcode Fuzzy Hash: c403bea1af9735d5c782d78b81026c19a77aff9ffc6f4d5535c2e05d6c6ca982
                      • Instruction Fuzzy Hash: 49C04C77010100EFE781EB48DD82F45B7A5FB65341F458096914487131D726D91E9B42
                      Function 0D8E08CA Relevance: .0, Instructions: 7COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7e0eb6d87de60ba8c8d7ca95ee189a4603d79a482c0507b76a89cc155c8e5ce2
                      • Instruction ID: 3c6ceda50926a6cff7345ae04de5221ecb68d276c835f4bc60a14c50aaddefa5
                      • Opcode Fuzzy Hash: 7e0eb6d87de60ba8c8d7ca95ee189a4603d79a482c0507b76a89cc155c8e5ce2
                      • Instruction Fuzzy Hash: 6CA022F088030C8BCB230E80EC22FA3A2FCB38330CE00A28F800832808C3F003880C02

                      Non-executed Functions

                      Function 07B53918 Relevance: 3.9, Strings: 3, Instructions: 150COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: '<"C$'<"C$NvTt
                      • API String ID: 0-1787953242
                      • Opcode ID: ee579bf635d378b51fd5a563f6dbfe31df24e909ec1ab9c8121b59c28cc1ce37
                      • Instruction ID: 758bbe9bf5b48de9e3d38f31fb239ac0aecbe7e243939b39de369f6db7bca4cd
                      • Opcode Fuzzy Hash: ee579bf635d378b51fd5a563f6dbfe31df24e909ec1ab9c8121b59c28cc1ce37
                      • Instruction Fuzzy Hash: C45108B4E05209DFDB08CFAAD4856AEFBF2AF89340F14946AE816A7354D7345A41CF50
                      Function 07B53250 Relevance: 1.4, Strings: 1, Instructions: 163COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: sX
                      • API String ID: 0-3110708420
                      • Opcode ID: b9e0dab31de21fdb4e115d21da8af32b3ba62b4f9eec372e36589d59a5089240
                      • Instruction ID: 439a852f14657b3c679cf9d4e9661f3d7b1a9c9bef0ec4077e92b1fcb9a3c63d
                      • Opcode Fuzzy Hash: b9e0dab31de21fdb4e115d21da8af32b3ba62b4f9eec372e36589d59a5089240
                      • Instruction Fuzzy Hash: 046122B4E1560A8FDB04CFA9C5809DEFBF2FF89250F24946AD815B7314D7359A02CB64
                      Function 07B53260 Relevance: 1.4, Strings: 1, Instructions: 161COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: sX
                      • API String ID: 0-3110708420
                      • Opcode ID: 11271aab8b59e7e17a1a68e6c87d0f016c5cc5b55c17766dd32a943520e2055a
                      • Instruction ID: 0c515d0c84eccfe3b0defb400832efe7e186980288ae15f3ff2343162cbd4ebb
                      • Opcode Fuzzy Hash: 11271aab8b59e7e17a1a68e6c87d0f016c5cc5b55c17766dd32a943520e2055a
                      • Instruction Fuzzy Hash: 086101B0E15609CFDB04CFAAC9809DEFBF2FF89250F24946AD815B7314D7359A428B64
                      Function 0785E838 Relevance: 1.4, Strings: 1, Instructions: 150COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: V3~
                      • API String ID: 0-1917302123
                      • Opcode ID: 4a698b52ec375bf3acee1e30ddb40660fbcb0c501c058ef076f6f85699fd0c46
                      • Instruction ID: c1f1543b887b4c216bc99c1e15c25c9d0838196a3db7f057f54b153c7bbde7e9
                      • Opcode Fuzzy Hash: 4a698b52ec375bf3acee1e30ddb40660fbcb0c501c058ef076f6f85699fd0c46
                      • Instruction Fuzzy Hash: B05109B0D152598FDB08CFA9C9406AEFBF2BF89300F24D56AD815FB255D3349A41CB64
                      Function 07B530B0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4$VD
                      • API String ID: 0-4229505421
                      • Opcode ID: 1f9bedcc8d95b3d375e021e48b313477a9e85eec2c7f7d52af085fc400dcc6d2
                      • Instruction ID: 227480e06abe5103dfc517629c99208c0c1a273421efcd41f23b3a03fd10f0a0
                      • Opcode Fuzzy Hash: 1f9bedcc8d95b3d375e021e48b313477a9e85eec2c7f7d52af085fc400dcc6d2
                      • Instruction Fuzzy Hash: 9F41F8B0D0560A9FDB44CFAAC8816EEFBF2AF89350F14C46AC815A7354D7349A51CFA1
                      Function 07B530C0 Relevance: 1.4, Strings: 1, Instructions: 107COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4$VD
                      • API String ID: 0-4229505421
                      • Opcode ID: db10ab0d1d0daf8da9c980fdccf5d92ab39fe27cf6e83ca62fa9d2b39725d7b2
                      • Instruction ID: 5e726a86b81b8e515d082c670113661eece6dbd1952ae3af29e1180195bf7691
                      • Opcode Fuzzy Hash: db10ab0d1d0daf8da9c980fdccf5d92ab39fe27cf6e83ca62fa9d2b39725d7b2
                      • Instruction Fuzzy Hash: 9F41D8B0D0160A9BDB44CFAAC9816EEFBF2BF89340F14C569C815A7354E7349A41CFA5
                      Function 0D8E2DF8 Relevance: .3, Instructions: 333COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2080346780.000000000D8E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D8E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_d8e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0810bdca320808fb6544a8b899b0f33423531c878f3c40e1e5a9f252d53f2338
                      • Instruction ID: b4e5200cd5b487df9a6dcda40d54b28f3ebb09197bc32475d3f85d9a42e7ed1a
                      • Opcode Fuzzy Hash: 0810bdca320808fb6544a8b899b0f33423531c878f3c40e1e5a9f252d53f2338
                      • Instruction Fuzzy Hash: 60C1CD717007009FDB29DB79C85076EB7EAAF8A741F14846EE10ACB291DB39E901CB52
                      Function 07B55331 Relevance: .3, Instructions: 330COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a057a50f8dc458250e9dd9439cdb8f2dd66e7264a3fa94153f9de4251a0d9d1
                      • Instruction ID: 457d802eaf0b78540c9f09816f28d46e6c168b7150260beeb85685eff4f6c2c3
                      • Opcode Fuzzy Hash: 8a057a50f8dc458250e9dd9439cdb8f2dd66e7264a3fa94153f9de4251a0d9d1
                      • Instruction Fuzzy Hash: 1DE115B0E15249DFDB18CFAAC5816DEFBF2BF89301F24956AD415AB228D7349942CF10
                      Function 07B5BDC8 Relevance: .3, Instructions: 317COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e881bf31c961005ffd6e0766c709b65e858d684643a032505e17e9c20df51610
                      • Instruction ID: 1c3c56eee76c95ad05d69dd6130f6462e375c1cf576b38aedfd8b8fbc63cfe27
                      • Opcode Fuzzy Hash: e881bf31c961005ffd6e0766c709b65e858d684643a032505e17e9c20df51610
                      • Instruction Fuzzy Hash: C0E1FAB4E002198FDB14DFA9C580AAEFBF2FF49305F248159D815AB356D731A981CFA0
                      Function 07854D00 Relevance: .3, Instructions: 315COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 02d69886f4a4e421aa733bae4cf3a1daca97b98aa46049967cf57124b33d41ef
                      • Instruction ID: e4ee56411a969d247920ff83ecf0519a6eb30fca2718cd37c503824a32c71f08
                      • Opcode Fuzzy Hash: 02d69886f4a4e421aa733bae4cf3a1daca97b98aa46049967cf57124b33d41ef
                      • Instruction Fuzzy Hash: BE1293F08017458BE320DF67E9581893BB2F78532AB51426DF2615F2E9DBBC198ACF44
                      Function 07B55378 Relevance: .3, Instructions: 313COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 49c60acea9bcb09de56f46e2721becf7b681d6b0edf69ce152b9f7e22e2f9250
                      • Instruction ID: 322683a1897a80ea6b67451e6873b8169c824b0168fe2659119dbde4fb65f5dc
                      • Opcode Fuzzy Hash: 49c60acea9bcb09de56f46e2721becf7b681d6b0edf69ce152b9f7e22e2f9250
                      • Instruction Fuzzy Hash: C3D114B0E15249CFDB18CFAAC5815DEFBF2BF89301F24956AD815AB228D7349942CF14
                      Function 07B5C648 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 91cd9fcb4a1407d5db46f5c38417af18b81f469057d46918f91621122157978b
                      • Instruction ID: 2057db78cf5b6f1be247d327b9a47c975bcc5f3e61fb34146798ab5272482518
                      • Opcode Fuzzy Hash: 91cd9fcb4a1407d5db46f5c38417af18b81f469057d46918f91621122157978b
                      • Instruction Fuzzy Hash: 6DE1FBB4E002198FDB14DFA8C580AAEFBF2FF49305F248159D815A7359D731A981CFA1
                      Function 07B5C210 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5673d6669fdf4482f4574e2c1c4021cadf71fe57cd17192c0753a8497e8be15a
                      • Instruction ID: 1e1962625ec2a1f1378c53cad706e827c6783e9b71802b16cffbf174a4cb8e62
                      • Opcode Fuzzy Hash: 5673d6669fdf4482f4574e2c1c4021cadf71fe57cd17192c0753a8497e8be15a
                      • Instruction Fuzzy Hash: B6E1EAB4E0021A8FDB14DF99C580AAEBBF2FF49305F248169D815A7359D735A941CFA0
                      Function 07B5CA80 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3c5dd3419a6309b647857a4234eccb083e0bf151ac508bca770d6802270741af
                      • Instruction ID: 5170546212aed0a43f63fad3aa9e74b5605d2f6cc46daefa2b362fc941584740
                      • Opcode Fuzzy Hash: 3c5dd3419a6309b647857a4234eccb083e0bf151ac508bca770d6802270741af
                      • Instruction Fuzzy Hash: 96E10AB4E0021A8FDB14DFA9C580AAEBBF2FF89305F248159D815A7359D731A941CFA0
                      Function 07B5EA00 Relevance: .3, Instructions: 312COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b1b8628133b88ccecaaee298b19c0eda4927237cfcf7fefea6143153ca3c66e8
                      • Instruction ID: 00a2e7a414667b99024df058e3bfdeaa7abaf2feedd0f158d400a9424fddb023
                      • Opcode Fuzzy Hash: b1b8628133b88ccecaaee298b19c0eda4927237cfcf7fefea6143153ca3c66e8
                      • Instruction Fuzzy Hash: 54E10CB4E001198FDB54DFA9C580AAEFBF2FF49305F248169D815AB359D731A941CFA0
                      Function 07B54E40 Relevance: .3, Instructions: 280COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 56f56c6ebe0a7b7ee3b1cbf923daa123c3ad414e973c7c1b55dec228f8685fde
                      • Instruction ID: ccfca475248c2b1e43872ecce187f599550ec509b8cb4ca8b78b56a9e84ffe3e
                      • Opcode Fuzzy Hash: 56f56c6ebe0a7b7ee3b1cbf923daa123c3ad414e973c7c1b55dec228f8685fde
                      • Instruction Fuzzy Hash: 89C1F6B0E1425ADFEB18CFE6D8806AEFBB2FF89200F10956AD415BB254D7349942CF54
                      Function 0785C468 Relevance: .3, Instructions: 269COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7074ec84536bbeccb9d588d788240096549978d877ba42426bfd592f8404e561
                      • Instruction ID: f3e3cbb20c5c401bffef0e2731c3109600dc22e745df4b98da112eef67351c77
                      • Opcode Fuzzy Hash: 7074ec84536bbeccb9d588d788240096549978d877ba42426bfd592f8404e561
                      • Instruction Fuzzy Hash: 28D11730C1065A8ACB10EB64D990AD9F7B5FF95300F10CB9AD54A37264EF74AAC9CF91
                      Function 0785C478 Relevance: .3, Instructions: 264COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f35abcb3f0e9721282adc219c550eb0ed490b11332cc1c7cbaaf905256a34660
                      • Instruction ID: d53f8904b48b564c29029de901571ac184de55c9663ba1de0b2feefab8c3eac9
                      • Opcode Fuzzy Hash: f35abcb3f0e9721282adc219c550eb0ed490b11332cc1c7cbaaf905256a34660
                      • Instruction Fuzzy Hash: 7AD1F830C1065A8ACB10EB64D990AD9F7B5FF95300F10CB9AD54A77264EF74AAC9CF90
                      Function 07B53E50 Relevance: .3, Instructions: 252COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0d2daa3eb4272efc8c3b16367d49838569ed5abab9f3dc081fb65a020cc0a2aa
                      • Instruction ID: 67a31257f8f283fe773af1f48a97c4d84f306bf9205a4f41654e3aa37fddb58d
                      • Opcode Fuzzy Hash: 0d2daa3eb4272efc8c3b16367d49838569ed5abab9f3dc081fb65a020cc0a2aa
                      • Instruction Fuzzy Hash: 63B109B0E142198BDB14DFA9C580A9EFBF2FF89305F24D1A9D819A7355D7309942CF60
                      Function 07B53E40 Relevance: .2, Instructions: 244COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 50ef5494957e57f53596c8678a1d8309edcb60b4ed8179374d3448252a25d508
                      • Instruction ID: 99dbf503da20e442460e3d3460cad136d54f81ae8666412f59c133fadb6521cc
                      • Opcode Fuzzy Hash: 50ef5494957e57f53596c8678a1d8309edcb60b4ed8179374d3448252a25d508
                      • Instruction Fuzzy Hash: 19B12AB0E142598FDB14CFA9C580A9EFBF2BF89305F24D1A9D809A7355D7309941CF61
                      Function 07854CF0 Relevance: .2, Instructions: 222COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6ed0563059635a43134b95ec5d3c15e7d45525022d57967a41ec457ce0e79797
                      • Instruction ID: 486685d188cb1df1ea1e2dff16e477a1f1812942ae06f416e87e2000014883ca
                      • Opcode Fuzzy Hash: 6ed0563059635a43134b95ec5d3c15e7d45525022d57967a41ec457ce0e79797
                      • Instruction Fuzzy Hash: 92C1E4B08007468BD714DF67E9481897BB2FB85326F11822DE1616F2E8DBBC188ACF44
                      Function 07B53EFB Relevance: .2, Instructions: 211COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 02d606cf13e995ba5d1509faced0ed8f496a371091d285e3637e0bb829638616
                      • Instruction ID: 9229d35708b7e993c4bda831eb02919729e06a384f05dda6ff4c0598e9d0addc
                      • Opcode Fuzzy Hash: 02d606cf13e995ba5d1509faced0ed8f496a371091d285e3637e0bb829638616
                      • Instruction Fuzzy Hash: 45A129B4E142198FDB14DBA8C580A9EFBF2FF89305F249199E809A7355D730AD81CF60
                      Function 07B51E50 Relevance: .2, Instructions: 178COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ad1913642668dc4b8135d4e187d08b524e7980bf76132bac85fabc6f18d6418f
                      • Instruction ID: 76aaaa422796c40f8dc7a644ceed669c42e87490f7ce5f58d50bbbff44475ef9
                      • Opcode Fuzzy Hash: ad1913642668dc4b8135d4e187d08b524e7980bf76132bac85fabc6f18d6418f
                      • Instruction Fuzzy Hash: F181C1B4E15219CFDB44CF99C584AAEFBF2FF89310F148559E815AB260D734AA42CF90
                      Function 07B51E40 Relevance: .2, Instructions: 178COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a431ed5dae6ee9996f2aea346bd60908c68eff441058902aa0104c9863ee5ad7
                      • Instruction ID: 2e6fa9a37673bb0d7b5131bbfd395734bbadcaaff917df7fd9a06bd2d50c57b7
                      • Opcode Fuzzy Hash: a431ed5dae6ee9996f2aea346bd60908c68eff441058902aa0104c9863ee5ad7
                      • Instruction Fuzzy Hash: E181F3B4E15209CFCB44CFA9C584AAEFBF2FF89210F148595E815AB361D334AA42CF50
                      Function 07B52A20 Relevance: .2, Instructions: 156COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 05d5f0bc3278c1c150f3861cc7ec683755de61dd8c9036a705ccec6a714fb916
                      • Instruction ID: 1aad979c67ca52ff77c34c8d7fb3bb8dbe43c94021b9e2fb502e1f054337b737
                      • Opcode Fuzzy Hash: 05d5f0bc3278c1c150f3861cc7ec683755de61dd8c9036a705ccec6a714fb916
                      • Instruction Fuzzy Hash: 4661F5B4E16219DFDB04CFA9C581AEEFBF2FB49310F149595E805AB315D330A942CB98
                      Function 07B52A11 Relevance: .2, Instructions: 156COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 608897054d0bbe5a6464796dc5c31a676a280f4da9a595a2e00f789cacd01819
                      • Instruction ID: 1d0c5e5bc314977e0bd1c5b2bc04e5c07355c65ec9dbdd0c764c35afa8e93fcd
                      • Opcode Fuzzy Hash: 608897054d0bbe5a6464796dc5c31a676a280f4da9a595a2e00f789cacd01819
                      • Instruction Fuzzy Hash: 6061F5B4E1620ADFDB04CFA9C581AEEFBF2FB49350F148596D805AB315D3309942CBA4
                      Function 07B5C638 Relevance: .1, Instructions: 133COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c108894b3278085e7f22547b940b362d216cdeabf74cd74b9ec14815894dddf5
                      • Instruction ID: 69d8e35be9999cb0ac69d1425673104450f5d2c79146c51d55def23308e12fe7
                      • Opcode Fuzzy Hash: c108894b3278085e7f22547b940b362d216cdeabf74cd74b9ec14815894dddf5
                      • Instruction Fuzzy Hash: 37510EB4E0121A8FDB14CFA9C9805AEFBF2FF89305F24C1A9D418A7656D7319941CFA1
                      Function 07B534B1 Relevance: .1, Instructions: 126COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 271b92c6a46e847d6d0daf40516e661b50fe62a257718fc95106591be2391256
                      • Instruction ID: ee07cd0edea35787f1d952c9e5613162730db97ae0d16aa3c153f30a957e0677
                      • Opcode Fuzzy Hash: 271b92c6a46e847d6d0daf40516e661b50fe62a257718fc95106591be2391256
                      • Instruction Fuzzy Hash: 3F5149B4E1520A9FDB05CFA9D5805AEFFF2AF89344F24D4A6D805A7314E3348A418BA1
                      Function 07B534C0 Relevance: .1, Instructions: 120COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 857388a4cb949de25fe445e56408b43fb96a79881210be39a4c7fded78e1bb91
                      • Instruction ID: ecdf926c0488e84bc75000865b2b00e2bbc55f9de3f0f183ca8ff668e96cc049
                      • Opcode Fuzzy Hash: 857388a4cb949de25fe445e56408b43fb96a79881210be39a4c7fded78e1bb91
                      • Instruction Fuzzy Hash: C35129B4E1520ADBDB04CFAAD5805AEFBF2AB89344F24D46AC805B7314D3349B418BA5
                      Function 07B51C40 Relevance: .1, Instructions: 118COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 709e4ffb08edde4d51917d5c8feb3107a3c2dcbf065576afaef78173637ed689
                      • Instruction ID: 10103fb244a7cc165d10fffb879772a23c10fcdcb096dad51749c77ff46fbfef
                      • Opcode Fuzzy Hash: 709e4ffb08edde4d51917d5c8feb3107a3c2dcbf065576afaef78173637ed689
                      • Instruction Fuzzy Hash: 77413CB0E1510DEFDB48CFADC4806AEFBB2FF86240F14D599C415AB215E7309A818F91
                      Function 07B51C50 Relevance: .1, Instructions: 113COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2077053027.0000000007B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 07B50000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7b50000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9457c281cc47800d0192aafa756ec55f9751fe17159cef7eb918975612650a1f
                      • Instruction ID: 0c3e944feaf55b4a8ebac6a9426cbde8ef2956f962b42337647d277c2afaa517
                      • Opcode Fuzzy Hash: 9457c281cc47800d0192aafa756ec55f9751fe17159cef7eb918975612650a1f
                      • Instruction Fuzzy Hash: 5A413BB0E1510DEFDB48CFADC5806AEFBB2FF85240F20D599C805AB204E7309A818F95
                      Function 0785D0C9 Relevance: .1, Instructions: 84COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: de9bbed0c9b9971ca64d63072ccd9a6b6d86394275c83edb4b3a5eac008f5e50
                      • Instruction ID: 2c050b5a4bf04fadca9d0e2fca271a192f89fefef0aeb38c647c625f94da944c
                      • Opcode Fuzzy Hash: de9bbed0c9b9971ca64d63072ccd9a6b6d86394275c83edb4b3a5eac008f5e50
                      • Instruction Fuzzy Hash: FE310DB1E156199BDB58CFABC84169EFBF3AFC9210F14C166C808A6214DB345985CF61
                      Function 07850007 Relevance: 41.7, Strings: 33, Instructions: 456COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq
                      • API String ID: 0-3058033958
                      • Opcode ID: c907685440fd668625875821c34c2d5e44cce9c0b96ab0c5d45f2d2b08e6e295
                      • Instruction ID: 3f30c2635003fe696c90a45779a2061c826a8fd460475ed2b0fa399e2a1f1918
                      • Opcode Fuzzy Hash: c907685440fd668625875821c34c2d5e44cce9c0b96ab0c5d45f2d2b08e6e295
                      • Instruction Fuzzy Hash: 122213709012199FCB18EF75E951AAE7BF2FF44300F1085AEE009AB269DB786D45CF91
                      Function 07850040 Relevance: 41.7, Strings: 33, Instructions: 434COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000000.00000002.2071674803.0000000007850000.00000040.00000800.00020000.00000000.sdmp, Offset: 07850000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_0_2_7850000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq
                      • API String ID: 0-3058033958
                      • Opcode ID: 2878583f1b87a5ca16f3db16798ead6b811cc9c73b398f37f3049eddcfb2839c
                      • Instruction ID: b7c7a58da905fbabf91987f9699d7f77c318a03f817309ca6632a01a3697848f
                      • Opcode Fuzzy Hash: 2878583f1b87a5ca16f3db16798ead6b811cc9c73b398f37f3049eddcfb2839c
                      • Instruction Fuzzy Hash: EB120170A012199FCB18EF75E951AAE77F6FF44300F1085ADE009AB269DB786E45CF81

                      Executed Functions

                      Function 01670B12 Relevance: 1.8, Strings: 1, Instructions: 575COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: dnq
                      • API String ID: 0-3704129773
                      • Opcode ID: e2dcdab521731d6e09eebb4566d1543e15888ffd2ef6eafcb2b9b7a6123dda8e
                      • Instruction ID: 1e2cef6a3f7df84a30e77c28ed620d00f22e8b4dbcfff0ad156f2e47271cb44f
                      • Opcode Fuzzy Hash: e2dcdab521731d6e09eebb4566d1543e15888ffd2ef6eafcb2b9b7a6123dda8e
                      • Instruction Fuzzy Hash: 57421670A002498FCB15DFA8D984A9DBBF2BF49310F1581A9E416EF3A9DB34AD45CB50
                      Function 01670981 Relevance: 1.3, Strings: 1, Instructions: 62COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: LRjq
                      • API String ID: 0-665714880
                      • Opcode ID: b3ea7a286b217ff70c8a0db04ef83c5e45a006037a4175a32fd603f3a6c3e418
                      • Instruction ID: f15d31b0d412d0be6bc7d9483eb4df38ed25d0a255eaee3a9d19dd1bdda33110
                      • Opcode Fuzzy Hash: b3ea7a286b217ff70c8a0db04ef83c5e45a006037a4175a32fd603f3a6c3e418
                      • Instruction Fuzzy Hash: 49214F3095020ADFCB45EFA8E940A9E7BF6FF84300B5086B9C015AB269E77C5D09CF81
                      Function 01670990 Relevance: 1.3, Strings: 1, Instructions: 56COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: LRjq
                      • API String ID: 0-665714880
                      • Opcode ID: 6b4a1000fc147a8d9e8420cd6b280f342b6a58d5a393a294db8a3696d2f1dff7
                      • Instruction ID: aaeda2357b80c8af049f4ef62e53d8eceac2e9c246548f05bfa4170eea49ddaa
                      • Opcode Fuzzy Hash: 6b4a1000fc147a8d9e8420cd6b280f342b6a58d5a393a294db8a3696d2f1dff7
                      • Instruction Fuzzy Hash: 7221ED7095010ADFCB44EFA8E944A9E7BF6FB44304F5085B9C415AB269EB785E09CF81
                      Function 016713A1 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cb9d469f32cd7db29baef838037b12ea295d20db5a68843462356b2013936556
                      • Instruction ID: d4e1c0b35c8bd1f3e3bd979865db4d863de31cdfe139e4c3bbf72616eaf0e8e8
                      • Opcode Fuzzy Hash: cb9d469f32cd7db29baef838037b12ea295d20db5a68843462356b2013936556
                      • Instruction Fuzzy Hash: 972134B1D0130A8FCB10DFA9C8456EEBFF0AF49314F2484AAD518A7215E7399641CF91
                      Function 01670877 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 69fe20e3b8ab93351936b4327cc9b4446483dd805f9e578c6e16d7164109d3cb
                      • Instruction ID: b7bdd9dae377edaaf64f9a3854f697f878b172a731d247a39e5411d89b1d5365
                      • Opcode Fuzzy Hash: 69fe20e3b8ab93351936b4327cc9b4446483dd805f9e578c6e16d7164109d3cb
                      • Instruction Fuzzy Hash: 7A015E32D5065A9BCB169FB8DC500DCBB72EEC6310F564656D041BB164E770295BC790
                      Function 016708F9 Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f7798e009ee0c9901b4502346e2245a81ef66e787b6dd040e99dbd334aaec947
                      • Instruction ID: c549b112384ffb74e9d4128c74c017a6a42e8b06ba61a174c19bba8e4d8ff0a0
                      • Opcode Fuzzy Hash: f7798e009ee0c9901b4502346e2245a81ef66e787b6dd040e99dbd334aaec947
                      • Instruction Fuzzy Hash: 57F02232E601098BEB15DB20C9949FFFBB6EF84300F14862AD012AB254DE706806CAD0
                      Function 01670908 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 02df6af482ed505b0b33d0b8283f90b1e6802f415692d36ffc73f3a6b0fcd758
                      • Instruction ID: c44a64dfe63f24a7ab731fdf505c9f51ae69cba933ea1ecb3dd8f6e407b3cb00
                      • Opcode Fuzzy Hash: 02df6af482ed505b0b33d0b8283f90b1e6802f415692d36ffc73f3a6b0fcd758
                      • Instruction Fuzzy Hash: 89F0E232E201099BDB15DB64C9659EFBBBAAF84300F05842AD012BB254EEB0690686D1
                      Function 01670839 Relevance: .0, Instructions: 24COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1ac73416dfbbf9984745669966290abb29e6b401162b534e73df931c8555e1eb
                      • Instruction ID: cb556a3ae2d3f1e2a9eb141e632f0be8b404b6353eb053a3d1b641424f59acdf
                      • Opcode Fuzzy Hash: 1ac73416dfbbf9984745669966290abb29e6b401162b534e73df931c8555e1eb
                      • Instruction Fuzzy Hash: B0F039719493849FD702CFA499143587FB5AB02280F1A41EBE484CB257D6358D51C791
                      Function 01670848 Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7293e977054ac5f130a6b84ec4f923395a5142d88e5346942c341a0d6ef34e5d
                      • Instruction ID: 3dbd93bf4c118fdaba26c97c6521c920006190f0987855b5d5a436f9b0150381
                      • Opcode Fuzzy Hash: 7293e977054ac5f130a6b84ec4f923395a5142d88e5346942c341a0d6ef34e5d
                      • Instruction Fuzzy Hash: A4D01771905248AFEB11CFF8C90575D7BB9AB05240F664496E458CB305DB31DE11D791
                      Function 016713B0 Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000004.00000002.2053827325.0000000001670000.00000040.00000800.00020000.00000000.sdmp, Offset: 01670000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_4_2_1670000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fef043d575c0f54f122b0501c9fa8b484036c79d8b33f2a125a1e09fb6ee5efe
                      • Instruction ID: cd9d8b1697a7b2dc5fdc9c148943c36ffad05718ac8b606e8b22b32d22f20bc0
                      • Opcode Fuzzy Hash: fef043d575c0f54f122b0501c9fa8b484036c79d8b33f2a125a1e09fb6ee5efe
                      • Instruction Fuzzy Hash: 1AE067B4D0530E9F8B40EFB988421BEFFF5AB49210F6085AAD908E3300F67056518FD1

                      Execution Graph

                      Execution Coverage:8.4%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:0%
                      Total number of Nodes:164
                      Total number of Limit Nodes:2
                      execution_graph 32371 23ab778 32374 23ab870 32371->32374 32372 23ab787 32375 23ab881 32374->32375 32378 23ab8a4 32374->32378 32383 23ab27c 32375->32383 32378->32372 32379 23ab89c 32379->32378 32380 23abaa8 GetModuleHandleW 32379->32380 32381 23abad5 32380->32381 32381->32372 32385 23aba60 GetModuleHandleW 32383->32385 32386 23ab88c 32385->32386 32386->32378 32387 23abb08 32386->32387 32388 23ab27c GetModuleHandleW 32387->32388 32389 23abb1c 32388->32389 32389->32379 32390 71ef657 32391 71ef3ec 32390->32391 32392 71ef46a 32391->32392 32396 702f3a8 32391->32396 32415 702f41e 32391->32415 32435 702f3b8 32391->32435 32397 702f3b8 32396->32397 32398 702f3da 32397->32398 32454 d040266 32397->32454 32459 d0401bb 32397->32459 32463 d040239 32397->32463 32472 d04051d 32397->32472 32477 d04057d 32397->32477 32482 d040992 32397->32482 32487 d040417 32397->32487 32492 d040457 32397->32492 32497 d0402d5 32397->32497 32502 d040215 32397->32502 32507 d040288 32397->32507 32511 d04024d 32397->32511 32516 d04046d 32397->32516 32521 d04072c 32397->32521 32526 d0403ac 32397->32526 32531 d040422 32397->32531 32398->32392 32416 702f3ac 32415->32416 32417 702f421 32415->32417 32418 d040266 2 API calls 32416->32418 32419 d040422 2 API calls 32416->32419 32420 d0403ac 2 API calls 32416->32420 32421 d04072c 2 API calls 32416->32421 32422 d04046d 2 API calls 32416->32422 32423 d04024d 2 API calls 32416->32423 32424 d040288 2 API calls 32416->32424 32425 d040215 2 API calls 32416->32425 32426 d0402d5 2 API calls 32416->32426 32427 d040457 2 API calls 32416->32427 32428 d040417 2 API calls 32416->32428 32429 d040992 2 API calls 32416->32429 32430 d04057d 2 API calls 32416->32430 32431 d04051d 2 API calls 32416->32431 32432 d040239 4 API calls 32416->32432 32433 d0401bb 2 API calls 32416->32433 32434 702f3da 32416->32434 32417->32392 32418->32434 32419->32434 32420->32434 32421->32434 32422->32434 32423->32434 32424->32434 32425->32434 32426->32434 32427->32434 32428->32434 32429->32434 32430->32434 32431->32434 32432->32434 32433->32434 32434->32392 32436 702f3d2 32435->32436 32437 d040266 2 API calls 32436->32437 32438 d040422 2 API calls 32436->32438 32439 d0403ac 2 API calls 32436->32439 32440 d04072c 2 API calls 32436->32440 32441 d04046d 2 API calls 32436->32441 32442 d04024d 2 API calls 32436->32442 32443 d040288 2 API calls 32436->32443 32444 702f3da 32436->32444 32445 d040215 2 API calls 32436->32445 32446 d0402d5 2 API calls 32436->32446 32447 d040457 2 API calls 32436->32447 32448 d040417 2 API calls 32436->32448 32449 d040992 2 API calls 32436->32449 32450 d04057d 2 API calls 32436->32450 32451 d04051d 2 API calls 32436->32451 32452 d040239 4 API calls 32436->32452 32453 d0401bb 2 API calls 32436->32453 32437->32444 32438->32444 32439->32444 32440->32444 32441->32444 32442->32444 32443->32444 32444->32392 32445->32444 32446->32444 32447->32444 32448->32444 32449->32444 32450->32444 32451->32444 32452->32444 32453->32444 32455 d04026f 32454->32455 32456 d0409ba 32455->32456 32536 71ee909 32455->32536 32540 71ee910 32455->32540 32544 71eefc6 32459->32544 32548 71eefd0 32459->32548 32464 d040246 32463->32464 32465 d040221 32463->32465 32464->32465 32552 71ee778 32464->32552 32556 71ee770 32464->32556 32465->32398 32467 d04091f 32465->32467 32560 71eee38 32465->32560 32564 71eee30 32465->32564 32466 d040810 32467->32398 32473 d040537 32472->32473 32475 71ee909 WriteProcessMemory 32473->32475 32476 71ee910 WriteProcessMemory 32473->32476 32474 d040a11 32475->32474 32476->32474 32478 d040a9c 32477->32478 32480 71ee778 Wow64SetThreadContext 32478->32480 32481 71ee770 Wow64SetThreadContext 32478->32481 32479 d040667 32479->32398 32480->32479 32481->32479 32483 d040998 32482->32483 32485 71ee909 WriteProcessMemory 32483->32485 32486 71ee910 WriteProcessMemory 32483->32486 32484 d0409ba 32485->32484 32486->32484 32488 d040730 32487->32488 32568 71ee849 32488->32568 32572 71ee850 32488->32572 32489 d04074e 32493 d04052a 32492->32493 32495 71ee909 WriteProcessMemory 32493->32495 32496 71ee910 WriteProcessMemory 32493->32496 32494 d040a11 32495->32494 32496->32494 32498 d0402db 32497->32498 32499 d04034a 32498->32499 32576 71ee6c8 32498->32576 32580 71ee6c0 32498->32580 32499->32398 32503 d040221 32502->32503 32503->32398 32505 71eee38 ReadProcessMemory 32503->32505 32506 71eee30 ReadProcessMemory 32503->32506 32504 d040810 32505->32504 32506->32504 32509 71ee909 WriteProcessMemory 32507->32509 32510 71ee910 WriteProcessMemory 32507->32510 32508 d0402b6 32508->32398 32509->32508 32510->32508 32512 d040221 32511->32512 32512->32398 32514 71eee38 ReadProcessMemory 32512->32514 32515 71eee30 ReadProcessMemory 32512->32515 32513 d040810 32514->32513 32515->32513 32517 d04040c 32516->32517 32519 71eee38 ReadProcessMemory 32517->32519 32520 71eee30 ReadProcessMemory 32517->32520 32518 d040810 32519->32518 32520->32518 32522 d040730 32521->32522 32524 71ee849 VirtualAllocEx 32522->32524 32525 71ee850 VirtualAllocEx 32522->32525 32523 d04074e 32524->32523 32525->32523 32527 d0402ec 32526->32527 32528 d04034a 32527->32528 32529 71ee6c8 ResumeThread 32527->32529 32530 71ee6c0 ResumeThread 32527->32530 32528->32398 32529->32527 32530->32527 32532 d04040c 32531->32532 32534 71eee38 ReadProcessMemory 32532->32534 32535 71eee30 ReadProcessMemory 32532->32535 32533 d040810 32534->32533 32535->32533 32538 71ee90e WriteProcessMemory 32536->32538 32539 71ee9af 32538->32539 32539->32456 32541 71ee958 WriteProcessMemory 32540->32541 32543 71ee9af 32541->32543 32543->32456 32545 71eefd0 CreateProcessA 32544->32545 32547 71ef21b 32545->32547 32549 71ef059 CreateProcessA 32548->32549 32551 71ef21b 32549->32551 32551->32551 32553 71ee7bd Wow64SetThreadContext 32552->32553 32555 71ee805 32553->32555 32555->32465 32557 71ee778 Wow64SetThreadContext 32556->32557 32559 71ee805 32557->32559 32559->32465 32561 71eee83 ReadProcessMemory 32560->32561 32563 71eeec7 32561->32563 32563->32466 32565 71eee38 ReadProcessMemory 32564->32565 32567 71eeec7 32565->32567 32567->32466 32569 71ee850 VirtualAllocEx 32568->32569 32571 71ee8cd 32569->32571 32571->32489 32573 71ee890 VirtualAllocEx 32572->32573 32575 71ee8cd 32573->32575 32575->32489 32577 71ee708 ResumeThread 32576->32577 32579 71ee739 32577->32579 32579->32498 32581 71ee6c8 ResumeThread 32580->32581 32583 71ee739 32581->32583 32583->32498

                      Executed Functions

                      Function 0702E0D0 Relevance: 2.7, Strings: 2, Instructions: 192COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 17 702e0d0-702e103 19 702e105 17->19 20 702e10a-702e164 17->20 19->20 23 702e167 20->23 24 702e16e-702e18a 23->24 25 702e193-702e194 24->25 26 702e18c 24->26 27 702e2d0-702e340 25->27 28 702e199-702e1a6 25->28 26->23 26->27 26->28 29 702e212-702e227 26->29 30 702e2a1-702e2cb 26->30 31 702e1c9-702e20d 26->31 32 702e22c-702e230 26->32 33 702e25c-702e29c 26->33 49 702e342 call 71e031c 27->49 50 702e342 call 71e0859 27->50 51 702e342 call 71e0006 27->51 52 702e342 call 71e0645 27->52 53 702e342 call 71e0780 27->53 54 702e342 call 71e0040 27->54 45 702e1af-702e1c7 28->45 29->24 30->24 31->24 34 702e232-702e241 32->34 35 702e243-702e24a 32->35 33->24 39 702e251-702e257 34->39 35->39 39->24 45->24 48 702e348-702e352 49->48 50->48 51->48 52->48 53->48 54->48
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq$Tejq
                      • API String ID: 0-942063033
                      • Opcode ID: 83df557be1f77c269b0dd39c4867ed3cd5d3d0d0a326ae5cfcc0f864a8eaebfc
                      • Instruction ID: 0a6fa2a77cabf641cb182e189f30b984c973adea01d31d62c7b2f1bd231bb1dd
                      • Opcode Fuzzy Hash: 83df557be1f77c269b0dd39c4867ed3cd5d3d0d0a326ae5cfcc0f864a8eaebfc
                      • Instruction Fuzzy Hash: C981D3B5E102198FDB08CFAAC9849EEBBF2BF88300F24812AD415AB354D7359906CF50
                      Function 0702E0E0 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 55 702e0e0-702e103 56 702e105 55->56 57 702e10a-702e164 55->57 56->57 60 702e167 57->60 61 702e16e-702e18a 60->61 62 702e193-702e194 61->62 63 702e18c 61->63 64 702e2d0-702e340 62->64 65 702e199-702e1a6 62->65 63->60 63->64 63->65 66 702e212-702e227 63->66 67 702e2a1-702e2cb 63->67 68 702e1c9-702e20d 63->68 69 702e22c-702e230 63->69 70 702e25c-702e29c 63->70 86 702e342 call 71e031c 64->86 87 702e342 call 71e0859 64->87 88 702e342 call 71e0006 64->88 89 702e342 call 71e0645 64->89 90 702e342 call 71e0780 64->90 91 702e342 call 71e0040 64->91 82 702e1af-702e1c7 65->82 66->61 67->61 68->61 71 702e232-702e241 69->71 72 702e243-702e24a 69->72 70->61 76 702e251-702e257 71->76 72->76 76->61 82->61 85 702e348-702e352 86->85 87->85 88->85 89->85 90->85 91->85
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq$Tejq
                      • API String ID: 0-942063033
                      • Opcode ID: 79b26c8bcffe611a1b76b2b0dbd5ecaf7d057f29cebcc6b44fed0c3cb60add21
                      • Instruction ID: e3480b2f485583c30f94aea842f2ebccbc82719e06c03cd3949edc0b68714fd3
                      • Opcode Fuzzy Hash: 79b26c8bcffe611a1b76b2b0dbd5ecaf7d057f29cebcc6b44fed0c3cb60add21
                      • Instruction Fuzzy Hash: 4481A3B5E112198FDB08CFA9C9849EEBBF2BF89310F24812AD415AB354D7359906CF54
                      Function 071EEFC6 Relevance: 1.7, APIs: 1, Instructions: 246processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 92 71eefc6-71ef065 95 71ef09e-71ef0be 92->95 96 71ef067-71ef071 92->96 101 71ef0f7-71ef126 95->101 102 71ef0c0-71ef0ca 95->102 96->95 97 71ef073-71ef075 96->97 99 71ef098-71ef09b 97->99 100 71ef077-71ef081 97->100 99->95 103 71ef085-71ef094 100->103 104 71ef083 100->104 112 71ef15f-71ef219 CreateProcessA 101->112 113 71ef128-71ef132 101->113 102->101 105 71ef0cc-71ef0ce 102->105 103->103 106 71ef096 103->106 104->103 107 71ef0d0-71ef0da 105->107 108 71ef0f1-71ef0f4 105->108 106->99 110 71ef0de-71ef0ed 107->110 111 71ef0dc 107->111 108->101 110->110 114 71ef0ef 110->114 111->110 124 71ef21b-71ef221 112->124 125 71ef222-71ef2a8 112->125 113->112 115 71ef134-71ef136 113->115 114->108 116 71ef138-71ef142 115->116 117 71ef159-71ef15c 115->117 119 71ef146-71ef155 116->119 120 71ef144 116->120 117->112 119->119 121 71ef157 119->121 120->119 121->117 124->125 135 71ef2aa-71ef2ae 125->135 136 71ef2b8-71ef2bc 125->136 135->136 137 71ef2b0 135->137 138 71ef2be-71ef2c2 136->138 139 71ef2cc-71ef2d0 136->139 137->136 138->139 140 71ef2c4 138->140 141 71ef2d2-71ef2d6 139->141 142 71ef2e0-71ef2e4 139->142 140->139 141->142 143 71ef2d8 141->143 144 71ef2f6-71ef2fd 142->144 145 71ef2e6-71ef2ec 142->145 143->142 146 71ef2ff-71ef30e 144->146 147 71ef314 144->147 145->144 146->147 149 71ef315 147->149 149->149
                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071EF206
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 3d973fc437d63d2a4598e2ff700fade605b2445d0a80c6500241aca02a26073a
                      • Instruction ID: b3d5f55f09bdba15e741787d09ea0fdbdae05b8b12504721acf13fc7346d103b
                      • Opcode Fuzzy Hash: 3d973fc437d63d2a4598e2ff700fade605b2445d0a80c6500241aca02a26073a
                      • Instruction Fuzzy Hash: BBA182B1D0061ACFDB65CFA8C8507DDBBBAFF48314F148169D808A7290DB759986CF91
                      Function 071EEFD0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 150 71eefd0-71ef065 152 71ef09e-71ef0be 150->152 153 71ef067-71ef071 150->153 158 71ef0f7-71ef126 152->158 159 71ef0c0-71ef0ca 152->159 153->152 154 71ef073-71ef075 153->154 156 71ef098-71ef09b 154->156 157 71ef077-71ef081 154->157 156->152 160 71ef085-71ef094 157->160 161 71ef083 157->161 169 71ef15f-71ef219 CreateProcessA 158->169 170 71ef128-71ef132 158->170 159->158 162 71ef0cc-71ef0ce 159->162 160->160 163 71ef096 160->163 161->160 164 71ef0d0-71ef0da 162->164 165 71ef0f1-71ef0f4 162->165 163->156 167 71ef0de-71ef0ed 164->167 168 71ef0dc 164->168 165->158 167->167 171 71ef0ef 167->171 168->167 181 71ef21b-71ef221 169->181 182 71ef222-71ef2a8 169->182 170->169 172 71ef134-71ef136 170->172 171->165 173 71ef138-71ef142 172->173 174 71ef159-71ef15c 172->174 176 71ef146-71ef155 173->176 177 71ef144 173->177 174->169 176->176 178 71ef157 176->178 177->176 178->174 181->182 192 71ef2aa-71ef2ae 182->192 193 71ef2b8-71ef2bc 182->193 192->193 194 71ef2b0 192->194 195 71ef2be-71ef2c2 193->195 196 71ef2cc-71ef2d0 193->196 194->193 195->196 197 71ef2c4 195->197 198 71ef2d2-71ef2d6 196->198 199 71ef2e0-71ef2e4 196->199 197->196 198->199 200 71ef2d8 198->200 201 71ef2f6-71ef2fd 199->201 202 71ef2e6-71ef2ec 199->202 200->199 203 71ef2ff-71ef30e 201->203 204 71ef314 201->204 202->201 203->204 206 71ef315 204->206 206->206
                      APIs
                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 071EF206
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 4c99697d9b14fd33b58a52304474b5b91110f000f047af18dbaf6a18ba261c34
                      • Instruction ID: 661d71eb33aadbe016450755c8d99b59119c14c0f7956fc0c9350dd31d324d8a
                      • Opcode Fuzzy Hash: 4c99697d9b14fd33b58a52304474b5b91110f000f047af18dbaf6a18ba261c34
                      • Instruction Fuzzy Hash: 29916FB1D0061ACFDB65CFA8C9507EDBBBAFF48310F148169D808A7290DB759986CF91
                      Function 023AB870 Relevance: 1.7, APIs: 1, Instructions: 199COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 207 23ab870-23ab87f 208 23ab8ab-23ab8af 207->208 209 23ab881-23ab88e call 23ab27c 207->209 210 23ab8c3-23ab904 208->210 211 23ab8b1-23ab8bb 208->211 216 23ab890-23ab89e call 23abb08 209->216 217 23ab8a4 209->217 218 23ab911-23ab91f 210->218 219 23ab906-23ab90e 210->219 211->210 216->217 226 23ab9e0-23abaa0 216->226 217->208 220 23ab943-23ab945 218->220 221 23ab921-23ab926 218->221 219->218 223 23ab948-23ab94f 220->223 224 23ab928-23ab92f call 23ab288 221->224 225 23ab931 221->225 227 23ab95c-23ab963 223->227 228 23ab951-23ab959 223->228 230 23ab933-23ab941 224->230 225->230 257 23abaa8-23abad3 GetModuleHandleW 226->257 258 23abaa2-23abaa5 226->258 231 23ab970-23ab979 call 23ab298 227->231 232 23ab965-23ab96d 227->232 228->227 230->223 238 23ab97b-23ab983 231->238 239 23ab986-23ab98b 231->239 232->231 238->239 240 23ab9a9-23ab9b0 call 23abde8 239->240 241 23ab98d-23ab994 239->241 244 23ab9b3-23ab9b6 240->244 241->240 243 23ab996-23ab9a6 call 23ab2a8 call 23ab2b8 241->243 243->240 247 23ab9b8-23ab9d6 244->247 248 23ab9d9-23ab9df 244->248 247->248 259 23abadc-23abaf0 257->259 260 23abad5-23abadb 257->260 258->257 260->259
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084545322.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_23a0000_Quote List.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: ef57bec61e1a09869760e7fcbf53aa38585807cafd2177311025b17f943cf1c6
                      • Instruction ID: edde45c7fdb89f2c3340e26c1e154e06fcda7b0f74f9b3e3d895ec6869af2276
                      • Opcode Fuzzy Hash: ef57bec61e1a09869760e7fcbf53aa38585807cafd2177311025b17f943cf1c6
                      • Instruction Fuzzy Hash: F9713570A00B058FDB24DF69D05475ABBF6FF98308F008A2DD48ADBA50DB75E845CB90
                      Function 071EE909 Relevance: 1.6, APIs: 1, Instructions: 73injectionCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 372 71ee909-71ee90c 373 71ee90e-71ee95e 372->373 374 71ee979-71ee9ad WriteProcessMemory 372->374 380 71ee96e-71ee977 373->380 381 71ee960-71ee96c 373->381 377 71ee9af-71ee9b5 374->377 378 71ee9b6-71ee9e6 374->378 377->378 380->374 381->380
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071EE9A0
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: 07532918712fafa7083662a7746a2e954ed286977bdcc131f8a7881c180c6b41
                      • Instruction ID: 7bb567dc00ebb12e632fa47a915936106e33e525b154494e5ecf72e5aa6b97ed
                      • Opcode Fuzzy Hash: 07532918712fafa7083662a7746a2e954ed286977bdcc131f8a7881c180c6b41
                      • Instruction Fuzzy Hash: C52148B1D007099FDB10DFAAC844BEEBBF5FF48310F108429E959A7241C7789544CBA0
                      Function 071EE910 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 385 71ee910-71ee95e 387 71ee96e-71ee9ad WriteProcessMemory 385->387 388 71ee960-71ee96c 385->388 391 71ee9af-71ee9b5 387->391 392 71ee9b6-71ee9e6 387->392 388->387 391->392
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 071EE9A0
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: 4d9446b1c233e321cdd2a493551d5e7915df6d264afc313b72788cac53044144
                      • Instruction ID: 96d0f10e4fa22267742c13064aa173d23c6eb1f39f88b94a059a8baedda2b58c
                      • Opcode Fuzzy Hash: 4d9446b1c233e321cdd2a493551d5e7915df6d264afc313b72788cac53044144
                      • Instruction Fuzzy Hash: E5213BB19003099FDF10DFAAC945BEEBBF5FF48310F108429E959A7251C7789544CBA0
                      Function 071EE770 Relevance: 1.6, APIs: 1, Instructions: 68threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 396 71ee770-71ee7c3 399 71ee7c5-71ee7d1 396->399 400 71ee7d3-71ee803 Wow64SetThreadContext 396->400 399->400 402 71ee80c-71ee83c 400->402 403 71ee805-71ee80b 400->403 403->402
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071EE7F6
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: 696b2ba2f1629a46ef229729365afde34eeccf11be69cb9d05784be15a5a34d6
                      • Instruction ID: 1f9631eb1ad60d3a4455c198b2408052d92e178618b48aafbca6b8af8844278c
                      • Opcode Fuzzy Hash: 696b2ba2f1629a46ef229729365afde34eeccf11be69cb9d05784be15a5a34d6
                      • Instruction Fuzzy Hash: B52137B1D007099FDB10DFAAC485BEEBBF8EF48324F148429D459A7241DB79A945CBA0
                      Function 071EEE30 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 407 71eee30-71eeec5 ReadProcessMemory 411 71eeece-71eeefe 407->411 412 71eeec7-71eeecd 407->412 412->411
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071EEEB8
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: 4c3fe47c7c87e56dbc7b2b5a91ccb39d2d58c08c07925effdecadc7201a1faaf
                      • Instruction ID: b4a22e39fea392c84551dd66c4e45b7c5afe283c40e53d56cbcf54e5d36590e5
                      • Opcode Fuzzy Hash: 4c3fe47c7c87e56dbc7b2b5a91ccb39d2d58c08c07925effdecadc7201a1faaf
                      • Instruction Fuzzy Hash: 442128B1C007499FDB10DFAAC945AEEBBF5FF48310F50882AE519A7250C7799545CBA0
                      Function 071EE778 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 416 71ee778-71ee7c3 418 71ee7c5-71ee7d1 416->418 419 71ee7d3-71ee803 Wow64SetThreadContext 416->419 418->419 421 71ee80c-71ee83c 419->421 422 71ee805-71ee80b 419->422 422->421
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 071EE7F6
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: 9f405852521b47b2f7ffd417912a61980fb85c532c7aff8910d7a8727ef187bb
                      • Instruction ID: 0752987fd3ff99dabd07ab3e2ae104648dd6e2e24a63bc701dea5e0f4458307e
                      • Opcode Fuzzy Hash: 9f405852521b47b2f7ffd417912a61980fb85c532c7aff8910d7a8727ef187bb
                      • Instruction Fuzzy Hash: 332129B1D007099FDB10DFAAC5857EEBBF4EF49310F148429D519A7241CB78A944CFA0
                      Function 071EEE38 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 426 71eee38-71eeec5 ReadProcessMemory 429 71eeece-71eeefe 426->429 430 71eeec7-71eeecd 426->430 430->429
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 071EEEB8
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: 354c7460831bd61bbe565089e182d054f9b35da8fb2d0e8380b20700a772dc21
                      • Instruction ID: 94882b20f1ee2302d2397ad0464c50456d52886962844d05461fa9d27b916676
                      • Opcode Fuzzy Hash: 354c7460831bd61bbe565089e182d054f9b35da8fb2d0e8380b20700a772dc21
                      • Instruction Fuzzy Hash: 262137B1C003499FDB10DFAAC984AEEFBF5FF48310F10842AE519A7250C778A944CBA0
                      Function 071EE849 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 434 71ee849-71ee8cb VirtualAllocEx 438 71ee8cd-71ee8d3 434->438 439 71ee8d4-71ee8f9 434->439 438->439
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071EE8BE
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: 8d89465091db7a8e5a2e4b1416dc4f4ddf8b8192e2d8d4f534cbd1db8ff49a0e
                      • Instruction ID: 90f2805e5456fe2fb225f3d12340971359af70c51bd1b07c777f74638fe58418
                      • Opcode Fuzzy Hash: 8d89465091db7a8e5a2e4b1416dc4f4ddf8b8192e2d8d4f534cbd1db8ff49a0e
                      • Instruction Fuzzy Hash: 931147B18002499BDB10DFAAC845BEFBFF9EF88320F148819E519A7250C779A554CFA1
                      Function 071EE6C0 Relevance: 1.6, APIs: 1, Instructions: 53threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 443 71ee6c0-71ee737 ResumeThread 447 71ee739-71ee73f 443->447 448 71ee740-71ee765 443->448 447->448
                      APIs
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: f761228d3ef0a3d9b08addbea41dd79a140224c9ee0ce9fed16261111b9b77dd
                      • Instruction ID: 02d821a8b1933a27d25848317b1555df6d88524d55f4ba8b34015fd52373f969
                      • Opcode Fuzzy Hash: f761228d3ef0a3d9b08addbea41dd79a140224c9ee0ce9fed16261111b9b77dd
                      • Instruction Fuzzy Hash: 921137B1C007498ADB20DFAAC4487AEFBF9EF48324F248419D419A7240CB79A544CBA4
                      Function 071EE850 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                      Download Yara Rule
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 071EE8BE
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: b94337faf2a96624e35775bc42282e5ce8c29e058a33ea7e6fff7accd3aa3019
                      • Instruction ID: e8b068805773dee380bb9db78ace5a955a1c1d7f61d8e87fa8e38708f9e3920e
                      • Opcode Fuzzy Hash: b94337faf2a96624e35775bc42282e5ce8c29e058a33ea7e6fff7accd3aa3019
                      • Instruction Fuzzy Hash: 4A1137B18002499FDB10DFAAC845AEFBFF9EF48320F148819E519A7250C779A554CFA1
                      Function 023AB27C Relevance: 1.6, APIs: 1, Instructions: 50COMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,023AB88C), ref: 023ABAC6
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084545322.00000000023A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 023A0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_23a0000_Quote List.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: fa399c83a085912b13060c4e60c9a9d52b3f3d32c3657d4b98388837da1a759a
                      • Instruction ID: fd144434df0be64951b0007d4b1e8bd1f04ab6dac050fe093ab58c9f0d736bd2
                      • Opcode Fuzzy Hash: fa399c83a085912b13060c4e60c9a9d52b3f3d32c3657d4b98388837da1a759a
                      • Instruction Fuzzy Hash: 231132B5D003488FDB10DF9AC444B9EFBF9EF89214F10842AD419B7210C379A545CFA0
                      Function 071EE6C8 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                      Download Yara Rule
                      APIs
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088577184.00000000071E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 071E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_71e0000_Quote List.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: 859d2f38bd9e21f010e9f4d4e75707689513abf3eae153fe9d9b110f969a4afc
                      • Instruction ID: 528a89053d61165cb6a652038600da6a31ebc144a3a28bec08c05253210cee9e
                      • Opcode Fuzzy Hash: 859d2f38bd9e21f010e9f4d4e75707689513abf3eae153fe9d9b110f969a4afc
                      • Instruction Fuzzy Hash: 72113AB1D007498FDB10DFAAC4457AEFBF9EF88320F148829D519A7250CB79A944CBA4
                      Function 07025AE8 Relevance: 1.5, Strings: 1, Instructions: 268COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: acf472e60753aa87b242ceed9a69804b1434c4996e9244d6a8dfb8b798006a22
                      • Instruction ID: ed3f887ef8e558275b9a6ea559c954e860b79709d660c8dcf1b531012828bc74
                      • Opcode Fuzzy Hash: acf472e60753aa87b242ceed9a69804b1434c4996e9244d6a8dfb8b798006a22
                      • Instruction Fuzzy Hash: 3CD10B7590021ACFCF04CFA8C8849EDB7B1FF48314B218799D81667259E734AE9ACF90
                      Function 07025AD9 Relevance: 1.4, Strings: 1, Instructions: 200COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID: 0-3916222277
                      • Opcode ID: 6fb037d723b3d409389a8ec160dc144cb2eb5d28193443810c08549b4d290aa0
                      • Instruction ID: 474c1b357cacf402ad37c4badf19f08d21f421c9be277de9bd7eadbb354c5f38
                      • Opcode Fuzzy Hash: 6fb037d723b3d409389a8ec160dc144cb2eb5d28193443810c08549b4d290aa0
                      • Instruction Fuzzy Hash: 7DA1FB7590021ACFCF04DFA8C8849DDB7B1FF58314B218799D8166B259EB34AD9ACF80
                      Function 07028C84 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq
                      • API String ID: 0-2468842661
                      • Opcode ID: e1e10edd4692756cc617edeb7f81b6bc1d4134c74310cf8cbe795eb014b7a8bb
                      • Instruction ID: 520abe9fdb5f63821d6edbe67a870a780824714926b7205a137186d0cc94a048
                      • Opcode Fuzzy Hash: e1e10edd4692756cc617edeb7f81b6bc1d4134c74310cf8cbe795eb014b7a8bb
                      • Instruction Fuzzy Hash: F751C1B2B002159FCB15DB7998449AFBBF6FFC5320B258669E419D7391EF309C068790
                      Function 0702B8A7 Relevance: 1.3, Strings: 1, Instructions: 87COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: k
                      • API String ID: 0-140662621
                      • Opcode ID: ab2aee23eb9363448104818ca39fb6237a274db563473bece5eff9c68a2110bc
                      • Instruction ID: 1d8cd53b3cb3da2741d1279c8f8852efc8cdb5d3d7d07b807efed791fde3bcda
                      • Opcode Fuzzy Hash: ab2aee23eb9363448104818ca39fb6237a274db563473bece5eff9c68a2110bc
                      • Instruction Fuzzy Hash: 2E210EB29053914FCB12DB3C9C605EE7FF1EFC2260B194666C454DB251EA349D0BC791
                      Function 07028EA0 Relevance: 1.3, Strings: 1, Instructions: 63COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: (u|
                      • API String ID: 0-3269754606
                      • Opcode ID: 7dc6d7242425a492c5bc955981659f27b95b77938c63ec9caefbd04131c1db72
                      • Instruction ID: 67eb9944e8ba367237a0c9366717a128403281b837a604f4018a2d43247c7b5a
                      • Opcode Fuzzy Hash: 7dc6d7242425a492c5bc955981659f27b95b77938c63ec9caefbd04131c1db72
                      • Instruction Fuzzy Hash: DE21CA72800B4187EB00AF29C850281B361FF85324F6987BACD4D3F356EB71798AC7A0
                      Function 0702B408 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: Tejq
                      • API String ID: 0-2468842661
                      • Opcode ID: de0dd9c78adfdff84f7c343ead168c23ea56cdcfc9440dd7a9e3fb0a7cafa654
                      • Instruction ID: 2e019c59467aa2066494d1473ca3b3d152ecb682615a2b0092dade9e3e8402a1
                      • Opcode Fuzzy Hash: de0dd9c78adfdff84f7c343ead168c23ea56cdcfc9440dd7a9e3fb0a7cafa654
                      • Instruction Fuzzy Hash: C9118CB2F0021A8BCB44EBB899505EEB7F6AB88210B604069C514E7354EB358E02DBA1
                      Function 07028EB0 Relevance: 1.3, Strings: 1, Instructions: 54COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: (u|
                      • API String ID: 0-3269754606
                      • Opcode ID: d7eebbe436b147c9ba34e718beea6c274c3349b35ed0735776daf51f3c725935
                      • Instruction ID: 38d3dabdc90b8ae11f40d5b4ba66d582157a47639ba054e011ddc661be1b1d38
                      • Opcode Fuzzy Hash: d7eebbe436b147c9ba34e718beea6c274c3349b35ed0735776daf51f3c725935
                      • Instruction Fuzzy Hash: E8119772C00B5186EB10AF29C840681B361FF94324F198BBACC4D3F346EB71B895CBA0
                      Function 0D040288 Relevance: 1.3, Strings: 1, Instructions: 32COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: (
                      • API String ID: 0-3887548279
                      • Opcode ID: 5e31d7dbcc672d0d7ee32ca27723208d64a5fd19c65cb54e76f2b014987d0e2c
                      • Instruction ID: 73af7680d4cf6caafc74e4237299d526f3c90378d24e0e6a55aa949ba67cb9fa
                      • Opcode Fuzzy Hash: 5e31d7dbcc672d0d7ee32ca27723208d64a5fd19c65cb54e76f2b014987d0e2c
                      • Instruction Fuzzy Hash: 0401EF75909228DFEBA5DF64C944BECBBB8FB49304F0091E9D509A3291CB319A85CF00
                      Function 07021C90 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: V
                      • API String ID: 0-1342839628
                      • Opcode ID: 88fbef31ebde344613057cc4a4403e17af5136a145f7638af796bbde493d7bb3
                      • Instruction ID: df6d9760370b4f449a47c1f670f55eaf06027dce1a6719f8c9c3a793fe6e7d75
                      • Opcode Fuzzy Hash: 88fbef31ebde344613057cc4a4403e17af5136a145f7638af796bbde493d7bb3
                      • Instruction Fuzzy Hash: 38E086B62516418FC344CF34F9424C47FA1EF0164576268A5E1468B572D532C5078705
                      Function 07026290 Relevance: .7, Instructions: 729COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1d495a39d640eec396be253f1bbe2d5b60caab2832d2ba9b2927a99b30368690
                      • Instruction ID: e998c98535beb56769ce2a5cb01fe53f72f6c1726f37c90c2dea30e16bf01ac2
                      • Opcode Fuzzy Hash: 1d495a39d640eec396be253f1bbe2d5b60caab2832d2ba9b2927a99b30368690
                      • Instruction Fuzzy Hash: E4723E75910619CFCB15EF68C898AADB7B1FF45304F008299D549A7265EF34AECACF80
                      Function 07022478 Relevance: .6, Instructions: 551COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ab8afa71c60b51c7239cd755e58ec55baa031eb4e5ccb69226ee551895bc818b
                      • Instruction ID: 5fe9d07f661f3349fc73639a9d45b06bc840014cd80e9722de2e7eaf6acd1817
                      • Opcode Fuzzy Hash: ab8afa71c60b51c7239cd755e58ec55baa031eb4e5ccb69226ee551895bc818b
                      • Instruction Fuzzy Hash: B842F971E1062ACFCB15EFA8C8946DDB7B1FF89300F118699D459B7261EB30AA85DF40
                      Function 07027780 Relevance: .5, Instructions: 500COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 77675974fc7284da2262abe77ec4b632ced48b0cc928faa011b4fdb3fc365359
                      • Instruction ID: 5c875fcce3fced22311e4107c17e477254fc82acaf35472cf6dc2ae91e2cb1a3
                      • Opcode Fuzzy Hash: 77675974fc7284da2262abe77ec4b632ced48b0cc928faa011b4fdb3fc365359
                      • Instruction Fuzzy Hash: 94223675A00215CFDB54DF68C884BADB7F2FF89304F1486A9D50AAB3A5DB30AD46CB50
                      Function 070263C0 Relevance: .4, Instructions: 418COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 32a775f6249f2cfe12c4d9f3bdc3166d04800db984a1223e54881281133b0f57
                      • Instruction ID: 21069ed2d539dcd96822c0777d71fc7ad17d2442f16eca0185e7414f9f029fed
                      • Opcode Fuzzy Hash: 32a775f6249f2cfe12c4d9f3bdc3166d04800db984a1223e54881281133b0f57
                      • Instruction Fuzzy Hash: 45120A75A006298FCB15EF68C8947DDB7B1FF45300F118299D94AA7265EF34AE86CF80
                      Function 07022468 Relevance: .3, Instructions: 331COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 88a579ee430749a52874deb4813d4eab9a1edc5077c9a6a82e0429961ef3ea6d
                      • Instruction ID: dccdf34cfc70bdfe36cfcf78dee48878fa3a618b8ce094823e53242c735138fd
                      • Opcode Fuzzy Hash: 88a579ee430749a52874deb4813d4eab9a1edc5077c9a6a82e0429961ef3ea6d
                      • Instruction Fuzzy Hash: E5E1FB72E00629CFCB65DFA8C8946DDB7B1BF49300F118699D459AB261EB30AD86DF40
                      Function 0D041820 Relevance: .3, Instructions: 285COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e9f0f896f673ec3b9ed2afdef3975e7e445fdb280295bf35f74557407fd4ace0
                      • Instruction ID: 63ffff74e5fd9a5863659ecc9138253a105c52d656de21b81d29b24443d1484d
                      • Opcode Fuzzy Hash: e9f0f896f673ec3b9ed2afdef3975e7e445fdb280295bf35f74557407fd4ace0
                      • Instruction Fuzzy Hash: 4DB18974B022049FEB54DF68D554AAE7BF6EF89700F2480A9E50ADB3A1CB70ED41CB51
                      Function 07025808 Relevance: .2, Instructions: 223COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0b6c3ebcd6e2d3a26df0d7247a5a5d22f55c7591d4d7b731e13bc78052dec050
                      • Instruction ID: ca6faf50e8d13864c5560d9034af9a239e52f953b8702505259fae6283213de0
                      • Opcode Fuzzy Hash: 0b6c3ebcd6e2d3a26df0d7247a5a5d22f55c7591d4d7b731e13bc78052dec050
                      • Instruction Fuzzy Hash: 91912CB190061ADFCB41DF68C880999FBF5FF49320B14879AE819AB255E730ED95CBC0
                      Function 070241F1 Relevance: .2, Instructions: 184COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5d975a85e4982b70751056e9c9b643b9760bba0edb6e506f49f421b35a1a8170
                      • Instruction ID: ccf51a9946edd99ba9d9a245b3076f88b8c499465cbb09a7101e6e05addaaa4b
                      • Opcode Fuzzy Hash: 5d975a85e4982b70751056e9c9b643b9760bba0edb6e506f49f421b35a1a8170
                      • Instruction Fuzzy Hash: 2971DDB9600A10CFC718DF29C488959BBF2BF89214B158AA9E54ACB772DB71EC45CF50
                      Function 0702AD80 Relevance: .2, Instructions: 183COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f82d2f62923e1c00b458e34c8c921b69c5076bb47df151c494b0e6368165bde7
                      • Instruction ID: ef7f38530d8d34e7c1a6b9ed939a0307559ea3e205513668328fba48ac63e2c6
                      • Opcode Fuzzy Hash: f82d2f62923e1c00b458e34c8c921b69c5076bb47df151c494b0e6368165bde7
                      • Instruction Fuzzy Hash: 34718CB1B002198FDF54EFA8C8546AEB7F6FF88304F008569D906A7390EF349946DB90
                      Function 07024010 Relevance: .2, Instructions: 172COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ba13ee68edf4ca038135180b179d22f63e8b611f889356c5497754494a4d0ec4
                      • Instruction ID: 8228f6dd34ea6cc6af7452d10a544dba90b3db691a6f445c1d4077313a4964a2
                      • Opcode Fuzzy Hash: ba13ee68edf4ca038135180b179d22f63e8b611f889356c5497754494a4d0ec4
                      • Instruction Fuzzy Hash: 1A71B1B5A002568FC754CF68D584999FBF1FF49310B1986A9E80ADB362D734EC86CF90
                      Function 07027772 Relevance: .2, Instructions: 166COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 58f2fb6e025ac6800b92e49e6d96163f3b47719dce448903dd55e1b258b62b1c
                      • Instruction ID: a22075b59ab9eb90179b338e8ec1b70ad862ba3ea16712d2fb4cf4a9fef7aeb1
                      • Opcode Fuzzy Hash: 58f2fb6e025ac6800b92e49e6d96163f3b47719dce448903dd55e1b258b62b1c
                      • Instruction Fuzzy Hash: D15167716106108FDB58EF29C894B9D77E2FF89314F1486B8D6069B3A5DB74A80ACB50
                      Function 07023102 Relevance: .1, Instructions: 106COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: db02cabbe40f9f2916ee51636ca598fa8623c1dcb50aad0f14d9e389de6f5142
                      • Instruction ID: 927aafa0ddc05ba52405e8f043d71367ddf7c5578194ced4a3d9b1e61f422d6d
                      • Opcode Fuzzy Hash: db02cabbe40f9f2916ee51636ca598fa8623c1dcb50aad0f14d9e389de6f5142
                      • Instruction Fuzzy Hash: 07413E35A10709CFCB04EF78C8849DDBBB6FF85304F008559E116AB365EB71A946CB81
                      Function 07023FFF Relevance: .1, Instructions: 103COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e8c2c147ffada4bcf2ace728c12eb9ccaf6313e2ea77808908ef820f99950d65
                      • Instruction ID: a739a5e24d6b42d16991ac1c26c86e8acbdee4f10244fbf69f091aebd80c3daf
                      • Opcode Fuzzy Hash: e8c2c147ffada4bcf2ace728c12eb9ccaf6313e2ea77808908ef820f99950d65
                      • Instruction Fuzzy Hash: 89413AB5A002568FC714CF28C584999FBF1FF49300B1586AAE84ACB352D731ED86CF90
                      Function 07023110 Relevance: .1, Instructions: 101COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dbb2fa4a654dedb0bccce488272323bb075ea07e7b3e6d8c76d0cd1d555b8537
                      • Instruction ID: 56e002402e146e6372112e0eda0cae5088f9673ebe161fd3192568666c291221
                      • Opcode Fuzzy Hash: dbb2fa4a654dedb0bccce488272323bb075ea07e7b3e6d8c76d0cd1d555b8537
                      • Instruction Fuzzy Hash: D1413D34A1071ACFCB04EF68C8849DDF7B6FF89304F008559E516AB365EB71A946CB81
                      Function 070211B9 Relevance: .1, Instructions: 99COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f538758cde53dc799affd90878e87066190b75c57e62d97b12fd2798ea314678
                      • Instruction ID: bbc50067b65d5d8afc21f6a095e9622af7149bf09937894bd8d7ece1ab2b6a2e
                      • Opcode Fuzzy Hash: f538758cde53dc799affd90878e87066190b75c57e62d97b12fd2798ea314678
                      • Instruction Fuzzy Hash: 0A41D975A0020ADFCB44DF68D88499AFBB5FF49314B14C699E918EB311E730A996CF90
                      Function 070211C8 Relevance: .1, Instructions: 92COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0859f322624e63b71d3dc1431ec21f9c4e6a085baec1845938d682c831b8ad38
                      • Instruction ID: e7033cbce04269332b080894dd9e4932d3809cbed5dd38b852039ffe4060feaa
                      • Opcode Fuzzy Hash: 0859f322624e63b71d3dc1431ec21f9c4e6a085baec1845938d682c831b8ad38
                      • Instruction Fuzzy Hash: 1E41E575A0020ADFCB40DFA9D88499AFBB5FF49314B14C699E918AB311E730AD85CF90
                      Function 07023008 Relevance: .1, Instructions: 92COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d7c6a4fc7653915b6bdac921de65c7e23e2d2897b3c6b4d5375f95a6dad31afd
                      • Instruction ID: 22a6be701fd21e3f54eeaf0b4073c101f6824509077aa11cad6366bf5f98331c
                      • Opcode Fuzzy Hash: d7c6a4fc7653915b6bdac921de65c7e23e2d2897b3c6b4d5375f95a6dad31afd
                      • Instruction Fuzzy Hash: F6318F36A00219DFCF04EB64E8548DDF7B6FFC9214B048669E506AB360EB35BD46CB91
                      Function 070215A8 Relevance: .1, Instructions: 89COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dda90c49fa3cf0daf30d947c24a6baa6eae8ad40970def78448a6bf2c798a2fb
                      • Instruction ID: c8796c1ab73d2133d9d4d5011b08546162d782a49e88cfdad4b5e6684ebeb027
                      • Opcode Fuzzy Hash: dda90c49fa3cf0daf30d947c24a6baa6eae8ad40970def78448a6bf2c798a2fb
                      • Instruction Fuzzy Hash: 6B2191B33101158FD7548B2DD884A697BD5FF85320F1982B9E11ACF3A6DB25DC029B90
                      Function 0702A4B8 Relevance: .1, Instructions: 89COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f45a68f6ccc56886368f6de84aecb62965c7321b08a01faa5cbeb377728c64a9
                      • Instruction ID: ee17d51e3649610e54eced648bd43e1f12b12662ccc2ea87ad3a94db27c6959f
                      • Opcode Fuzzy Hash: f45a68f6ccc56886368f6de84aecb62965c7321b08a01faa5cbeb377728c64a9
                      • Instruction Fuzzy Hash: 663167B6300A21CFC760DF29C08086ABBF6FF89311751866AE946CB721DB31EC46DB50
                      Function 07028C34 Relevance: .1, Instructions: 87COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 281bad0aaf4ea3c470a34a73c0a03ab6bd9e8a2b5120a4f4797311a308768c3c
                      • Instruction ID: 778e3be0a57be88c492a5c60f6dbf9f1ced9be638a05c11149ed953973d1515c
                      • Opcode Fuzzy Hash: 281bad0aaf4ea3c470a34a73c0a03ab6bd9e8a2b5120a4f4797311a308768c3c
                      • Instruction Fuzzy Hash: A93158B5300621CFC760DF19C08496AB7F6FF89311B50856AE94ACB721DB31EC42DB50
                      Function 0702803A Relevance: .1, Instructions: 87COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 682befca766a5bf7d284e92c549311309b7549eb5415af4cebef14ab1c65d1ad
                      • Instruction ID: a656841add46f35e132a0f58bb45a562f5b2d36c36c3a1a63bc09097072af13b
                      • Opcode Fuzzy Hash: 682befca766a5bf7d284e92c549311309b7549eb5415af4cebef14ab1c65d1ad
                      • Instruction Fuzzy Hash: CA2104B67083908FC3168B35D8999697FE6EF8620071985EED046CB7A2CA749C0BC741
                      Function 0D040239 Relevance: .1, Instructions: 81COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 89c332f1b16cba64d1bd1a1d33f85a88a4b75b069496c78a20c50e1f99b70845
                      • Instruction ID: f8511e537c198044c3f9dd067d11fc218db3dd7933f06da4144e0f9cf4b4922b
                      • Opcode Fuzzy Hash: 89c332f1b16cba64d1bd1a1d33f85a88a4b75b069496c78a20c50e1f99b70845
                      • Instruction Fuzzy Hash: 5531D1B5905228CFEB25DF65C944BEDBBF9BB49301F04D0E9950DA7292C3749A86CF40
                      Function 0234D06C Relevance: .1, Instructions: 77COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084264560.000000000234D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0234D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_234d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a0e2b3209ef2f578d2d47816c4911e6a0bca6936c5f9478e1e5252e4f65ae5dc
                      • Instruction ID: 26d91a5877ea1d97f37e40568d24292db4e23c45aa05ab1a57bd6186ccf5259b
                      • Opcode Fuzzy Hash: a0e2b3209ef2f578d2d47816c4911e6a0bca6936c5f9478e1e5252e4f65ae5dc
                      • Instruction Fuzzy Hash: 06212471100208DFDB159F54D9C0B16BFA5FB8C314F2085A9ED090B256C73AE416CBA1
                      Function 0235D2F0 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084346612.000000000235D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0235D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_235d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c945e02ba6eec23951cd16a8556fda02755dca86581fbf2a133bbba561a009ae
                      • Instruction ID: 9ff68e24b7436414991369caf1c5f9ccefbf246ea8d1a532ea84ef95a12b6a9a
                      • Opcode Fuzzy Hash: c945e02ba6eec23951cd16a8556fda02755dca86581fbf2a133bbba561a009ae
                      • Instruction Fuzzy Hash: 4921F2B1604208DFDB04DF24D9C0F26BB69FB84314F20C569DC4E4B356C33AD446CA61
                      Function 0235D01C Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084346612.000000000235D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0235D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_235d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c1089febc608caa68e8e61b90595cc6c4363068852fa1515cefd19e3668fe992
                      • Instruction ID: 685153a2fbeb3a03e2234dd9a2a231ef7ed7428a23c3e3f3ee4d3c71ef12c5fd
                      • Opcode Fuzzy Hash: c1089febc608caa68e8e61b90595cc6c4363068852fa1515cefd19e3668fe992
                      • Instruction Fuzzy Hash: 4521D071604208DFDB14DF24D984F26BB69FF88314F20C569DD0E4B256C33AD407CAA2
                      Function 07028C24 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 65a046a7f5c60e5f3bf792c9c9ff82a84ce3d5cab0932da4b77b4580bb63fb15
                      • Instruction ID: eeb18faeaadf09b7cb80e249518fae3577d3163ccf1107d2efebaea03a1c1bd8
                      • Opcode Fuzzy Hash: 65a046a7f5c60e5f3bf792c9c9ff82a84ce3d5cab0932da4b77b4580bb63fb15
                      • Instruction Fuzzy Hash: AE2192B6710221AFCB649E19D480E6B73FAFB88714F00852EE50697B10C731F842DB50
                      Function 07026DD0 Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6edaf8a33a5e92f0b90e801921a7e660f0fc68d5db0adb23b9cf0cf6e968ccd5
                      • Instruction ID: aedf8f16250df3cce59f36381dd3bd9c73a61e0429fcaf17c81534c0a291b917
                      • Opcode Fuzzy Hash: 6edaf8a33a5e92f0b90e801921a7e660f0fc68d5db0adb23b9cf0cf6e968ccd5
                      • Instruction Fuzzy Hash: 782133729106199FCB10EF6CD84059AFBF5FF49310B50C36AE959A7200EB31A999CBD1
                      Function 0702BA94 Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 445bacd910d212e76bf8e3fc01d3cbb3a4831981bbc759c0266d339d8622b738
                      • Instruction ID: dd6ee46bef3970fa6760c1b10a9e8cec30d409dabb307b9f8791e791c3480476
                      • Opcode Fuzzy Hash: 445bacd910d212e76bf8e3fc01d3cbb3a4831981bbc759c0266d339d8622b738
                      • Instruction Fuzzy Hash: 0031F1B1C01318DFDB20DFA9C984B9EBFF5EB08310F24811AE408BB254D7B55846CBA5
                      Function 0702F41E Relevance: .1, Instructions: 69COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 37864eaf1af182f28cf1265b87370c6a9c0e248f31438257c5884daa7dbd4b68
                      • Instruction ID: 88c069681c57044d364b168ca782affd5b21dd41b759eb800fb3dd92ba0bda3e
                      • Opcode Fuzzy Hash: 37864eaf1af182f28cf1265b87370c6a9c0e248f31438257c5884daa7dbd4b68
                      • Instruction Fuzzy Hash: 482150B1D09219DFDB48CFA5D5447ADBBF6EF89300F10816AD408A3291D7781A06DF80
                      Function 07029E51 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fa6146bc2b3be1cd425f0f3d53018df738513885e873c1ceaef268bff593f469
                      • Instruction ID: 20da4838bf56f54f224e5173737b969662f6272b1a329cbde825763114bc17ef
                      • Opcode Fuzzy Hash: fa6146bc2b3be1cd425f0f3d53018df738513885e873c1ceaef268bff593f469
                      • Instruction Fuzzy Hash: 4C218CB6714221AFDB649E15C4C0A6A77FAFB88718F10852DE50697B21C731F842DB60
                      Function 07028DC8 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ee12260247915d4cf58ef73307aa0b30e41af5333e25f1d6c51f13dcf7651060
                      • Instruction ID: b6161b8f98687854e0a335b7c5381d4d55d941207addb41b124a4b259fb750eb
                      • Opcode Fuzzy Hash: ee12260247915d4cf58ef73307aa0b30e41af5333e25f1d6c51f13dcf7651060
                      • Instruction Fuzzy Hash: 3631E0B1C01218EFDB21DF99C588B9EBFF4EB09314F24851AE408BB254D7B5A845CBA5
                      Function 07028C18 Relevance: .1, Instructions: 67COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9d21b37d213992a00066a03e97059c751568cee1ce4e4bbd123afb1c3ee9a74f
                      • Instruction ID: ca5b53617a990ff510f422b7a9a3fd13c43b8b23d7e32167bd1d52d95f3e7177
                      • Opcode Fuzzy Hash: 9d21b37d213992a00066a03e97059c751568cee1ce4e4bbd123afb1c3ee9a74f
                      • Instruction Fuzzy Hash: EC219FB6714221AFCB609F19C490E6A77FAFF88724F00852DEA1697B60D731F842DB51
                      Function 0702A418 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0fc4f9b81de9ef3a2881258f6c6986ddd42121392d168565d8927861fbcc2a29
                      • Instruction ID: 30053daa053c0e3d5925b9aa94b7d143223433e012df582e33fe7c0a4a1a447c
                      • Opcode Fuzzy Hash: 0fc4f9b81de9ef3a2881258f6c6986ddd42121392d168565d8927861fbcc2a29
                      • Instruction Fuzzy Hash: 0C21EA75E1020A9FCB04DFA9C8848EFFBF5FF98210B10C65AE529E7214E7749956CB90
                      Function 0702D020 Relevance: .1, Instructions: 62COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: efdcdc77949269c52314ba7b90defec9b944fa72a2abdae73ce53066f10846b3
                      • Instruction ID: 5268b97ee97c18eed03f61d24acfd89cc350dbd636aaed64062b80ed46293395
                      • Opcode Fuzzy Hash: efdcdc77949269c52314ba7b90defec9b944fa72a2abdae73ce53066f10846b3
                      • Instruction Fuzzy Hash: C811297120A3A59FC30347749814296BFB59F86320F1582E7D488C75A3C6394956D3D2
                      Function 0235D006 Relevance: .1, Instructions: 60COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084346612.000000000235D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0235D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_235d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8ff9458c094e7ee08e1fe5abfd9545b4e99267ece821b2bb13efdcf2e5d2858e
                      • Instruction ID: cb4d3e4347f1702866e454bdc2bffb029f31e3304acf38f63abd62479a75471e
                      • Opcode Fuzzy Hash: 8ff9458c094e7ee08e1fe5abfd9545b4e99267ece821b2bb13efdcf2e5d2858e
                      • Instruction Fuzzy Hash: C021AC755093848FDB02CF20D994B15BF71EF46214F28C5EAD8498B2A7C33AD80ACB62
                      Function 0702A420 Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6694d6d5a5b4183dcf2c8049950cdbecd44eb3109700a1d1c99b0142df50b990
                      • Instruction ID: e8f9a3318e5d6e7ecde83ca867424ddb6bf42fdbe95e8a0bac5c13917dce2827
                      • Opcode Fuzzy Hash: 6694d6d5a5b4183dcf2c8049950cdbecd44eb3109700a1d1c99b0142df50b990
                      • Instruction Fuzzy Hash: 8621BA75E0021A9F8B44DFA9C8448AFFBF9FF98210B10C65AE518E7215E770A956CB90
                      Function 0234D067 Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084264560.000000000234D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0234D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_234d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
                      • Instruction ID: 06fb21dfe30e72b3b883827bd7f868fd4264758b6c670f03726df962fe44ad3b
                      • Opcode Fuzzy Hash: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
                      • Instruction Fuzzy Hash: 1A219D76504284DFDB46CF10D9C4B16BFB2FB88314F24C6A9DD490B256C33AE426DBA2
                      Function 07021ED0 Relevance: .1, Instructions: 57COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cac70ff23bcd3d14c9758ce51d457e3bd1aab14dc4f01c6046a91aec1ff0fd7d
                      • Instruction ID: 526ec167869514c0eebeed72fb56bcfcc1811166bae93e042eab6bbafdc43d52
                      • Opcode Fuzzy Hash: cac70ff23bcd3d14c9758ce51d457e3bd1aab14dc4f01c6046a91aec1ff0fd7d
                      • Instruction Fuzzy Hash: 661122B73402158FD7548B28D9866687BE2EF85310F19C1B5D11ACF7B3DA39D8079B80
                      Function 0235D2EB Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084346612.000000000235D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0235D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_235d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                      • Instruction ID: b6d87511a8c2fac04b0a8dada2f1a051ea51d4bfa2a0bd23c55057c0afe8c806
                      • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                      • Instruction Fuzzy Hash: C211A975504284CFDB02CF14D5C4B15BBB2FB84214F24C6AADC494B256C33AD40ACB62
                      Function 0D0401BB Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4fc45328e86f42984944dfaaa03f893b173b4a62ae1ac6ec6f1d199fb4317967
                      • Instruction ID: 8d573bc705168d8826db6e21fd7a1b57e7cd699638392b07e662275374ad123f
                      • Opcode Fuzzy Hash: 4fc45328e86f42984944dfaaa03f893b173b4a62ae1ac6ec6f1d199fb4317967
                      • Instruction Fuzzy Hash: E1110A74A442189FEB54CF64C885FDCBBB9BB49700F1081E9D54DAB281DB745AC5CF40
                      Function 07028BD4 Relevance: .1, Instructions: 51COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6448abd7bf746f9638ab0b9720e7a2839094991c1ff74f2ddc843b5113ba7384
                      • Instruction ID: 5ac2de00a19a706e5a36cb0194b832932ef8938c553e078691ce15a8e764a374
                      • Opcode Fuzzy Hash: 6448abd7bf746f9638ab0b9720e7a2839094991c1ff74f2ddc843b5113ba7384
                      • Instruction Fuzzy Hash: C21126703403105BE714A668D424BDB76CBEB84708F50C66DD1898B7C2CEFABC4A9BE1
                      Function 0D0402D5 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 623a2a50c58788c51634cee3c581c5c1dd294a438fd43f14397bfd45b795bfc7
                      • Instruction ID: 2761d7ac8091e60249bde9c2d80ab2a178c3f7169bd1376da4050361bc0e7490
                      • Opcode Fuzzy Hash: 623a2a50c58788c51634cee3c581c5c1dd294a438fd43f14397bfd45b795bfc7
                      • Instruction Fuzzy Hash: 24114FB8909254CFEB65DF60D818BECBBFCBB89311F00D5A9854EB6291C7748A85CF40
                      Function 07029536 Relevance: .0, Instructions: 48COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 85431653dc646eb2ba66c45bb49754a2512ccc27ba45663dacd6d3b99afff260
                      • Instruction ID: 40c2878ea5696fa9eafc2d4a587fd74ccb9fe94345fac02bb2cb86fd4552c5ab
                      • Opcode Fuzzy Hash: 85431653dc646eb2ba66c45bb49754a2512ccc27ba45663dacd6d3b99afff260
                      • Instruction Fuzzy Hash: F001D6703003105BE714A668D011BDB76C7EB84718F50C52DD0898F7C2CEF6A8465BD1
                      Function 0D040215 Relevance: .0, Instructions: 47COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2910fc518d4d578cbf4d55f3c7cda8ceebad1d11adf89abb476dc8031aea2129
                      • Instruction ID: 6370e5db035eb5e955f9b1b323fec651488d2b7cd35d8aea2913f0266026fa51
                      • Opcode Fuzzy Hash: 2910fc518d4d578cbf4d55f3c7cda8ceebad1d11adf89abb476dc8031aea2129
                      • Instruction Fuzzy Hash: 1111A2B5909218CFEB15CB55C940BEDB7F8BB8A301F14D0A9D60DA7252D3349A85CF50
                      Function 07023738 Relevance: .0, Instructions: 47COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d6f3b4792a233dd38c3fe4c67d1e4d0efef4f0ecafd9a553963402988dd3472b
                      • Instruction ID: ec27eeb577ced5f6e51885e66b44284f83ab10858445e35a5984740e22aaa23f
                      • Opcode Fuzzy Hash: d6f3b4792a233dd38c3fe4c67d1e4d0efef4f0ecafd9a553963402988dd3472b
                      • Instruction Fuzzy Hash: ED01F5B2614714CFC721EF39C440499BBF2AF82200F1086AED4814B661EF34D947DB41
                      Function 0702ABE0 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1265a53903bbcbe63020dadaa08ce296e85b1d657ab9392dee05b0bee93cf3dd
                      • Instruction ID: dc495208bed359fa58cdcc654e2a83d37e3c015036e58410c51090a7da704834
                      • Opcode Fuzzy Hash: 1265a53903bbcbe63020dadaa08ce296e85b1d657ab9392dee05b0bee93cf3dd
                      • Instruction Fuzzy Hash: B401F1B23052118FC369DB24D890D16B7EAEF85210B20C2BAE8068B375CF70EC0BCB50
                      Function 07023B38 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 60c50cff9e5c38cbe4af52ca5d4a97f40b0f67000e762cef5c29c9b374315775
                      • Instruction ID: 53ee8e1040e349b7abbcfc122f17d1a913027d8adbd08d471425ecd1d06dea19
                      • Opcode Fuzzy Hash: 60c50cff9e5c38cbe4af52ca5d4a97f40b0f67000e762cef5c29c9b374315775
                      • Instruction Fuzzy Hash: D101D1B2A08B10DFD7027A7484164EEFB72EFC1212F0546AED8855B250EF389A47C7D2
                      Function 07028060 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6d8e21a2bb44ace6d3fec4b19c18802a2028640821dcfe4350fb79c92cc4dc2f
                      • Instruction ID: 03babd0f2e76e4b7082edb0d98ede3e27fde48386793fa81bb70baf17a72109e
                      • Opcode Fuzzy Hash: 6d8e21a2bb44ace6d3fec4b19c18802a2028640821dcfe4350fb79c92cc4dc2f
                      • Instruction Fuzzy Hash: D4015E757002119FD718DB29E488A6AB7EAEF892157148969D40AC7365CF71EC02CB50
                      Function 0234D92D Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084264560.000000000234D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0234D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_234d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5151847924fe1dc62810338e9706e72436308f855c785164414fefa093d88d0e
                      • Instruction ID: d3ef77a427faa3e03890eefeadd5dc06206f2977668e4479eef75cb84ece40e6
                      • Opcode Fuzzy Hash: 5151847924fe1dc62810338e9706e72436308f855c785164414fefa093d88d0e
                      • Instruction Fuzzy Hash: 5801DB71005348DAD7108E25CD84B67FFECEF45324F18C4AAED498A29BC779B840CA71
                      Function 07023F3F Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5d5c97beda638a43b6169e35c3f66906571c6e851c1846d4ba76ffd6d066dc1d
                      • Instruction ID: c4c7f9c52f640a7724e2f5586af1b2a9d2667aaf47afc0f7557db6a55f5c186e
                      • Opcode Fuzzy Hash: 5d5c97beda638a43b6169e35c3f66906571c6e851c1846d4ba76ffd6d066dc1d
                      • Instruction Fuzzy Hash: 9BF0F9713487415FC7159F29B8D485EBBF9EEC5230704067BE10987162CA699C0A8395
                      Function 07023748 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a574716f761af4db2ae162b8c748888a8d5d40cc8edf708db51ec654192a78b
                      • Instruction ID: ffaadacd1661b7572fb1f5b9c3bfb87d58155d4bf14be359b356857814d18207
                      • Opcode Fuzzy Hash: 8a574716f761af4db2ae162b8c748888a8d5d40cc8edf708db51ec654192a78b
                      • Instruction Fuzzy Hash: BC014CB2610B15DFC724EF39C44059AB7F6AF86300B50C66ED8469B260EF35E946DB81
                      Function 07021CC9 Relevance: .0, Instructions: 44COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 611695c6090bd023293a3acb6f3b2eb01ec770199b5d398e0a7f40704d66640b
                      • Instruction ID: e078356dd44d875555ce8f4e318ab8b64145b887c76a4429fa3ad9b2eb3ea601
                      • Opcode Fuzzy Hash: 611695c6090bd023293a3acb6f3b2eb01ec770199b5d398e0a7f40704d66640b
                      • Instruction Fuzzy Hash: EDF0C2F3300238CFC706A73894645AC7BE69FC5612B1542BDD4068B3A1CE28C903E392
                      Function 0702ABF0 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c5baaee0d19972e9b55b9c404b637562b2ad6bf1802d33bf96d277405776fec2
                      • Instruction ID: 21cc97b44d053bb80609a3db65bb745d23e5906038f76e14894cc88d5ae476cd
                      • Opcode Fuzzy Hash: c5baaee0d19972e9b55b9c404b637562b2ad6bf1802d33bf96d277405776fec2
                      • Instruction Fuzzy Hash: 32016D713052118FC768DB69D850D1AB3EAEF85220B60C6B9D90A8B374CF71EC07CB54
                      Function 07021588 Relevance: .0, Instructions: 40COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dfe6d9ef90bd35ea3ea1a835403d0971b6b9af01595bb2291400a793982c3224
                      • Instruction ID: 1d231504abafcf7ef3e88adc3e043bad479a5f0d59f4954522086c91120fd31d
                      • Opcode Fuzzy Hash: dfe6d9ef90bd35ea3ea1a835403d0971b6b9af01595bb2291400a793982c3224
                      • Instruction Fuzzy Hash: B9F024B330813ACBCB189B3A8444ABE72DDAFC6615B064739E403C3290CE20D903A691
                      Function 0D04046D Relevance: .0, Instructions: 39COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cba55190e90d1733357542aac0988f4ae3791aa790224ed6c559ebf5bc595419
                      • Instruction ID: c79f6578a973b878f3698d8dd1a4f32f8cd0ac0c883ed88cb0e7c30e6b6bb657
                      • Opcode Fuzzy Hash: cba55190e90d1733357542aac0988f4ae3791aa790224ed6c559ebf5bc595419
                      • Instruction Fuzzy Hash: 4D01D6B5904218CFEB54DF55C840AEDBBF8EB49301F54E0A9D60DAB251DB30AA86CF90
                      Function 07021D5F Relevance: .0, Instructions: 38COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 819e96a8da42c4c83ddf20a1a8a5ae3fed541150c8ccf9c11997f37230d5e01c
                      • Instruction ID: 5495e213b0eb3d69f8d25286e2cb64d669718c805248362b0b2953667a2c27ff
                      • Opcode Fuzzy Hash: 819e96a8da42c4c83ddf20a1a8a5ae3fed541150c8ccf9c11997f37230d5e01c
                      • Instruction Fuzzy Hash: 04F0E9F7344139CFCB054B2494806BC3BE69F81556B0642B6D006C7795CE24CA07E782
                      Function 07023BB8 Relevance: .0, Instructions: 38COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1da378929d271432c74f22fd93881036eb5c6087d1010e81eb8c4602d9f79664
                      • Instruction ID: 687e3de5cd727519e3b3145c336eb8c19635a383603cf815eb1a8d5366d3473e
                      • Opcode Fuzzy Hash: 1da378929d271432c74f22fd93881036eb5c6087d1010e81eb8c4602d9f79664
                      • Instruction Fuzzy Hash: E5F0F6B6300711CFC32AAB28E495569BBBBEF85321B004969D105C7672CB38D847CB40
                      Function 0D040422 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0035a52867f3448f7c2926534a0e7df1f9691644aed2fee803308e0e487c424b
                      • Instruction ID: 19455e22c16018c465689aaa0454e29922d18891be340a1484adab22cf88f317
                      • Opcode Fuzzy Hash: 0035a52867f3448f7c2926534a0e7df1f9691644aed2fee803308e0e487c424b
                      • Instruction Fuzzy Hash: 0C01E8B5904218CFDB14DF65C841EEDBBF9EB49301F54D0A9D60DAB251D730AA85CF90
                      Function 07023FA9 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f740a0954997c2a35208bb7ef5a825de40f6dc03d52b38676f716e1463e9c1f6
                      • Instruction ID: 390cfe8518ef65ed3af583cd20d3f08bd24090f115d64ad55ba18ec5ad6bd529
                      • Opcode Fuzzy Hash: f740a0954997c2a35208bb7ef5a825de40f6dc03d52b38676f716e1463e9c1f6
                      • Instruction Fuzzy Hash: 50F049312546908FC315CB38D599C58BBF5EF4A70571541EAE409CB773CB62EC46CB41
                      Function 07023B48 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5608f76622a1fa8579b83b2f68243d89b590101816a3d2aec14956df12945f32
                      • Instruction ID: b8266af9ea19dd1c3db7ac70c57192d4e9ea2b585200139349703d698a55dfa2
                      • Opcode Fuzzy Hash: 5608f76622a1fa8579b83b2f68243d89b590101816a3d2aec14956df12945f32
                      • Instruction Fuzzy Hash: ABF0C272A04B15DFCB127A7484045EEF775EFC1221F05476DD9455B200EF34AA8397D2
                      Function 07021119 Relevance: .0, Instructions: 37COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 783713c61178cfb35ea1f0bb98744de0ef282e7f7540da29c54b31063c334d5d
                      • Instruction ID: 09e7c6ac1b79844fdc14b590716d1945d057940d14e711df29d13bd03b932882
                      • Opcode Fuzzy Hash: 783713c61178cfb35ea1f0bb98744de0ef282e7f7540da29c54b31063c334d5d
                      • Instruction Fuzzy Hash: 9901C4B5900649DFCB41DFA8C58589DBFF1FF49300B1581AAE449EB221E7709A55CB81
                      Function 07021CD8 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 54c9a5f0e9137ba0a0cf824ae95fea13bbb4fee6e5791f51ec9f553f711a1be8
                      • Instruction ID: ab9cdedc5f5db377823fcae198320b4b015efe9dcbe76c51b7301395e5254723
                      • Opcode Fuzzy Hash: 54c9a5f0e9137ba0a0cf824ae95fea13bbb4fee6e5791f51ec9f553f711a1be8
                      • Instruction Fuzzy Hash: 2AF054B2300638CB8759672D941457D72EA9FC9611B55427DD40687390CE38C843E792
                      Function 070294EA Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5e9472ba1e604df42d2148ca0168ae53dd93fbaaffcec46cb28cbcb1bed33b00
                      • Instruction ID: 1ab38ba12351d5d47d33b18c2fcec5945582209ab62a3a156305474be9f3d311
                      • Opcode Fuzzy Hash: 5e9472ba1e604df42d2148ca0168ae53dd93fbaaffcec46cb28cbcb1bed33b00
                      • Instruction Fuzzy Hash: CFF027777002204FC70D5664A4517E93BD6DF8A715F45817BE109CBB91EA744C074381
                      Function 0234D92C Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2084264560.000000000234D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0234D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_234d000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 673802932fad3b517c9bb5c5567a4ccd54d8b2eeb8ebeedc57553a6e33ca9010
                      • Instruction ID: 38a6cbb28b90e3df25980634648ce0bafb17e205697d2d80b319affc08e96d64
                      • Opcode Fuzzy Hash: 673802932fad3b517c9bb5c5567a4ccd54d8b2eeb8ebeedc57553a6e33ca9010
                      • Instruction Fuzzy Hash: 3BF096714053449EE7108E16CCC8B66FFE8EF45734F18C59AED495B29AC379A844CA71
                      Function 0D041738 Relevance: .0, Instructions: 35COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a664fe5d649c289fff8a2ae8c609dabf41efd6285e74fb51a7fd23fc962ee560
                      • Instruction ID: 5055820aaf675baba12c22381e35317169de13d4eca5846df1c3ab19813fe0ec
                      • Opcode Fuzzy Hash: a664fe5d649c289fff8a2ae8c609dabf41efd6285e74fb51a7fd23fc962ee560
                      • Instruction Fuzzy Hash: 03F049B0D0430AAFDB44DFA9C402AAEBBF1AB08204F118669D519E7340E375C6418F90
                      Function 0D0403AC Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ca57a810ac48cec0dc3f54fb980606137526d7756cedc5b95ce6ca1834c27b57
                      • Instruction ID: 1a79114fef8c97576aabc25d71974d171400a3e1e85e230c710922195feaa650
                      • Opcode Fuzzy Hash: ca57a810ac48cec0dc3f54fb980606137526d7756cedc5b95ce6ca1834c27b57
                      • Instruction Fuzzy Hash: 3501EC79804218CFDB64DF51D484BECBBB8AB45311F14C1EA840D772A1C7749AC6CF50
                      Function 07023BC8 Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3bdd723ec24c6bf90497542d4e08e27b8386540af137b2bec962d50acaec2f6e
                      • Instruction ID: 91cb910e17b8769f8c090fa05328a56011e1f780448538603ed795b6581233ce
                      • Opcode Fuzzy Hash: 3bdd723ec24c6bf90497542d4e08e27b8386540af137b2bec962d50acaec2f6e
                      • Instruction Fuzzy Hash: CBF054723006108FC629AB2AD45495AF7FEEFC9721B50466DE50A87721DB75EC43CB90
                      Function 0D040457 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0b524c9b9686b2b4646cddfea8216daed32073d3751953e25a488dd59c51f8f7
                      • Instruction ID: 7a98d5692e96e0c8d3f82c8a564829aba48ecd095c1e20f6d5eb189588057959
                      • Opcode Fuzzy Hash: 0b524c9b9686b2b4646cddfea8216daed32073d3751953e25a488dd59c51f8f7
                      • Instruction Fuzzy Hash: 4A01E475908228CFEB61DF60C840BECBBF8BB49300F1090A9D649A2252C7759A85DF40
                      Function 07021128 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                      • Instruction ID: 4243ceffdd30f352615e2fe6667d750750fc4abca0ae9b7f9b7c733986b7bd1f
                      • Opcode Fuzzy Hash: e26b3b693c3fa3a092213b46d9974f97095fdf38ae2968b16eb170a88f8efb51
                      • Instruction Fuzzy Hash: 0601B675D00609DFCB40EFACC54589DBBF4FF49210B1185AAE859EB321E770AA44CF91
                      Function 0D040321 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8e445a5a497103549e9740ef94a1289454f01f10d75345c227ebdc09ef2b5bf8
                      • Instruction ID: 875c6f12961f41e1b6196fde053c98a2958288d943c9a699b1862bda5adea404
                      • Opcode Fuzzy Hash: 8e445a5a497103549e9740ef94a1289454f01f10d75345c227ebdc09ef2b5bf8
                      • Instruction Fuzzy Hash: 5F016DB4809394CFDB52DF64D8087ECBBF8BB8A315F0096EAC549A6291C77849C4CF40
                      Function 0702F3A8 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 30cafd8f1778cc07d8ee3ced32efc54b7064747d8c6de166fb9d3932429e4c19
                      • Instruction ID: 7be73499ea85ee590ef30d555920298a5d37580bed3c85217b6930fc1d298233
                      • Opcode Fuzzy Hash: 30cafd8f1778cc07d8ee3ced32efc54b7064747d8c6de166fb9d3932429e4c19
                      • Instruction Fuzzy Hash: D4F0B4B1D0D248DFC700DFB4E5446ACBFF4AB8A210F1082AAD80963241D7381A11EB91
                      Function 07029630 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 99a4cc963b9ef22c62a8860e47f7a8be52962c7b10fdbde5a5a95b97e8d1f81c
                      • Instruction ID: de3c78be21942ca81b578e033a80dc503762148fe8ef1167ebc26a47ead67b34
                      • Opcode Fuzzy Hash: 99a4cc963b9ef22c62a8860e47f7a8be52962c7b10fdbde5a5a95b97e8d1f81c
                      • Instruction Fuzzy Hash: FBF058B26147158F9F18CF18D48298537E9FB04348B200AA9E42ACF302D776EC038B88
                      Function 0D04051D Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ee3b340fa6b7499447d827c422941044e6aed677e87969477adfb680b7b605e2
                      • Instruction ID: 1bc84345276467b4b0f25a16f514341273aa59a71035cfd2d7b50ebc90689613
                      • Opcode Fuzzy Hash: ee3b340fa6b7499447d827c422941044e6aed677e87969477adfb680b7b605e2
                      • Instruction Fuzzy Hash: C2F01D719082549FEB52CFA0C990AECBBB8BB0A300F1081EAD949A7152C7359A86DF50
                      Function 0D041748 Relevance: .0, Instructions: 29COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 56429cd06f5c16a24636707904c2b56752d796b082199ab443d1be2c94f0cc42
                      • Instruction ID: dd8c04a75eaf98aab143ec1a5f26c8ee9328b378fb0c79ef81b828a33078991c
                      • Opcode Fuzzy Hash: 56429cd06f5c16a24636707904c2b56752d796b082199ab443d1be2c94f0cc42
                      • Instruction Fuzzy Hash: 5EF0B7B4D0430A9FDB44DFA9C841AAEBBF4AB48200F1085A9D919E7341E774D5408BD1
                      Function 07023FB8 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ca1431918c025ba0d3067c6596fd96996f4d59363e9d177f1a1b762ec7bcc1bf
                      • Instruction ID: f2c9bfd4d841b172b2d4b9ee448bb411237772a60a3ef77c9dbcf3ba34e2818a
                      • Opcode Fuzzy Hash: ca1431918c025ba0d3067c6596fd96996f4d59363e9d177f1a1b762ec7bcc1bf
                      • Instruction Fuzzy Hash: C8F0D431240610CFC718DB2CD588C5977E9EF4A71971145A9E50ACB772CB76EC40CB80
                      Function 07029622 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d43c2fc68af39daa438c180bddfbd6af12319c53afeba18eb270db50094c4517
                      • Instruction ID: 43aa3050efdfb0a1424b6a9662bb793c61aee15ac60430fcf4d095377d13aab2
                      • Opcode Fuzzy Hash: d43c2fc68af39daa438c180bddfbd6af12319c53afeba18eb270db50094c4517
                      • Instruction Fuzzy Hash: 81E022B26187108FCB18CB18E4878887FF4EB0120471405AAD006CF202EA29DC078780
                      Function 0D042DA8 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3aeb99813b99dc1f072237474715100314f8b7c4a1b586838a1fe1d5aa0dc991
                      • Instruction ID: e7beae543e80c3eaf52b787cab0fda94913390aea450d9166da2ad8a052eab63
                      • Opcode Fuzzy Hash: 3aeb99813b99dc1f072237474715100314f8b7c4a1b586838a1fe1d5aa0dc991
                      • Instruction Fuzzy Hash: 04E026FBB0B6441BD75A06257C145F57BA9FFD772130A407BE44A8B241CA564D0283E1
                      Function 0D0416E0 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b0b2606c23e3bd15d3655bbb3661bfa534cc1eca928db1ed90c4335c75b61fb7
                      • Instruction ID: 80a224b9d8710866e19d58c36dd0baf012eee00bad70604f91d7a3e28c638392
                      • Opcode Fuzzy Hash: b0b2606c23e3bd15d3655bbb3661bfa534cc1eca928db1ed90c4335c75b61fb7
                      • Instruction Fuzzy Hash: 70E0C9B1D406159FD780EFB88945A9ABFF0AF48204F11C9A5D019E7221E7748A428B81
                      Function 0702F3B8 Relevance: .0, Instructions: 27COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: be6944658a1a7bdb7e55c5527df8f90edef5614e1de11592021cca94f9ba33da
                      • Instruction ID: 44bedbd85dace39c573eed8fa9790016f1eac6b0c8c6d66597aeab0b5427815d
                      • Opcode Fuzzy Hash: be6944658a1a7bdb7e55c5527df8f90edef5614e1de11592021cca94f9ba33da
                      • Instruction Fuzzy Hash: 2BF065B1E09208DFCB44DFB4D5459ADBBF4AB4A311F10C2A5D809A3340D7785A01DF80
                      Function 0D040266 Relevance: .0, Instructions: 26COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 809d7efa722df55fb022682153fae7a7e7b3fb6013e65c75e0c8cd0d056c8831
                      • Instruction ID: 9e89f42b77dbd285676773aee2e588ebcee74750f5a409a5aa9f930ed700e598
                      • Opcode Fuzzy Hash: 809d7efa722df55fb022682153fae7a7e7b3fb6013e65c75e0c8cd0d056c8831
                      • Instruction Fuzzy Hash: DEF09DB59042189FEB54DF64C940AE9BBF8BB48300F1490AAD909A7251D636AE85CF50
                      Function 0D04057D Relevance: .0, Instructions: 23COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 22b2e39c567a1c28dfcfdb3e3223fc5bf3c40618e85239eba76ad3e454f9290d
                      • Instruction ID: 77a9e3d58d759edf51d041f2c1966d05ce23f23d815ae367a4c3d448fa80b338
                      • Opcode Fuzzy Hash: 22b2e39c567a1c28dfcfdb3e3223fc5bf3c40618e85239eba76ad3e454f9290d
                      • Instruction Fuzzy Hash: 40E0A5B5909218CFDB25CE50C944BF8B7B9BB8A315F04D0A9850E76295C335DA86CF40
                      Function 0D040ED0 Relevance: .0, Instructions: 22COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9c82421b4acbf2575802bc938c9addd6ab34c2a4b5132436f86d9c0dc6da2892
                      • Instruction ID: b27399e900c0f29f8da03722f1b45223ab0ee6f9f26871f6261da495830fe109
                      • Opcode Fuzzy Hash: 9c82421b4acbf2575802bc938c9addd6ab34c2a4b5132436f86d9c0dc6da2892
                      • Instruction Fuzzy Hash: 1BE0863091A3849FC7419B799C156EA7FB49B02211F1442E6D844976D1E7348A54DBA2
                      Function 0D040992 Relevance: .0, Instructions: 20COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e9772855b9c3fc2236ad6bae56f5d043bca8f9b1423b02abbcbd59c4766978b0
                      • Instruction ID: 553752a5c030a66a90fa066e37d490260a55fabd23ca72a7e924fae92a0644cc
                      • Opcode Fuzzy Hash: e9772855b9c3fc2236ad6bae56f5d043bca8f9b1423b02abbcbd59c4766978b0
                      • Instruction Fuzzy Hash: 9CE0E5B69041189FDB44DF90CC85FE9BBB9FB48301F1480D9E609A7291D6369A86CF50
                      Function 07029528 Relevance: .0, Instructions: 20COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a7d91fb803ced1637b9357ebc30f6488c1a52f9c92930e75ab2443f75d9bdb46
                      • Instruction ID: 20fdfbf48504d883c7eab1ec6b4607e131ac264e9a93b2cef4a0db8d630c0552
                      • Opcode Fuzzy Hash: a7d91fb803ced1637b9357ebc30f6488c1a52f9c92930e75ab2443f75d9bdb46
                      • Instruction Fuzzy Hash: A7D05B9775D2D05FD707217014716D91F22475B745F6545DBD0454A4D3D446450B9383
                      Function 0702BDBD Relevance: .0, Instructions: 20COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e9b6561b19f7a6ce5246c1eaeb3571720ad326cc05fab24f1f54cc1fad1a4613
                      • Instruction ID: 6b613e543a55c0cdce6cf8ceef3e700e1834b04a406ead516a01b9e0b032ddf6
                      • Opcode Fuzzy Hash: e9b6561b19f7a6ce5246c1eaeb3571720ad326cc05fab24f1f54cc1fad1a4613
                      • Instruction Fuzzy Hash: D5E012F3C04138A78B10AFA59C054DFFF78DF15650F414122E9156B100F3715A62DBD1
                      Function 0D042DB8 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 85c9842ae5cd817b4b6977e938e29f60860ca43dc6f8d8eb147f19e7c7be4fab
                      • Instruction ID: c3f9a73f48f32d696b9b5ab39f5a784c98737a65473ab03c1e2349cdb78af3e6
                      • Opcode Fuzzy Hash: 85c9842ae5cd817b4b6977e938e29f60860ca43dc6f8d8eb147f19e7c7be4fab
                      • Instruction Fuzzy Hash: 40D0A77A71661463C728166BB8089BBB7DEFFC6722708803EF40F837408E659C0082E4
                      Function 07021CA0 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c0f0d9125bd81bfc4a980fd4e5d2e5d4a0f8f32f490348d716210d29f6ebb6eb
                      • Instruction ID: 9a99cdde9ecd7f89d7c5146b41c3e722986d505af1fcbb38956e8930ff21a32e
                      • Opcode Fuzzy Hash: c0f0d9125bd81bfc4a980fd4e5d2e5d4a0f8f32f490348d716210d29f6ebb6eb
                      • Instruction Fuzzy Hash: 01D017313107149F8768DB1CE840C9AB7EEAF8821032486AAF009C7760DA60EC058684
                      Function 0702AB30 Relevance: .0, Instructions: 19COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a7107a1c98f64c3ea346ae72baa456b978e0e52b6c6230041ceb2ef7ff3f054
                      • Instruction ID: a3ee639a93304774cdb8242ae33ca065badebb0a2de39120d6fd6bcc21c0d33d
                      • Opcode Fuzzy Hash: 8a7107a1c98f64c3ea346ae72baa456b978e0e52b6c6230041ceb2ef7ff3f054
                      • Instruction Fuzzy Hash: 8CD05E7B211246EFDB81DEA098C2C917B72EB25200B54E092F5448E566C2B18957DF10
                      Function 0D040417 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 26261d505646b1847582b3181a6362aa2473bf00f3362e0cc0c55c0cc397e87d
                      • Instruction ID: 90013c2a55a403368fe935a5fff4210e5a2109c57fadcb22af0c8024f786ac68
                      • Opcode Fuzzy Hash: 26261d505646b1847582b3181a6362aa2473bf00f3362e0cc0c55c0cc397e87d
                      • Instruction Fuzzy Hash: 09E01A74E08208DBDB55CF95CC90EACBBBABB8C310F24C069960CBB255C6319942CF44
                      Function 0D0416F0 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: eeb06bdcc2fdb1a58e824ed07bdccd766b59fe5bad3a08da3a22b98c433e55ad
                      • Instruction ID: 56349616261c1c7498a39950c4fa94fdaf2f6c5cc9c186cc6b0b1d5bd4bdfc03
                      • Opcode Fuzzy Hash: eeb06bdcc2fdb1a58e824ed07bdccd766b59fe5bad3a08da3a22b98c433e55ad
                      • Instruction Fuzzy Hash: BDE0B6B0D4020ADFD740EFB9C945A5EBBF4BF08200F11C5B9D019E7251E7B49A458F92
                      Function 070294F8 Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 150c2fdfbb210e8813b52f51985ce1e2353ebafb7fced2611a3f7003c6efec6e
                      • Instruction ID: fc9c0decccfd299248bfa1baa27cacf420c23ead9a52b1445856cf867c5f05ab
                      • Opcode Fuzzy Hash: 150c2fdfbb210e8813b52f51985ce1e2353ebafb7fced2611a3f7003c6efec6e
                      • Instruction Fuzzy Hash: BED05E767042245BC70D66489020BDB76CA8FC9750F15C07EE5098B780D9A19C0107D5
                      Function 0702238C Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: abffa075d9f98e765f8a80700c6b4d3103c7938da629a31d0b54f6d63ce2c2f4
                      • Instruction ID: ed4fe03f0e784189e9b777ae9344a68c09d91ab58f397556dd7294a67f1d912b
                      • Opcode Fuzzy Hash: abffa075d9f98e765f8a80700c6b4d3103c7938da629a31d0b54f6d63ce2c2f4
                      • Instruction Fuzzy Hash: 02D05E323006010B9219E658F94084EE39BEFC0214B548A3AD1169B228EF65BC098BC0
                      Function 07024A0F Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 815d3e4a91c6b38df278f4f47016f9f7126a759de9c22c7ad9d7b94f7082d742
                      • Instruction ID: 9c8dd797cc4d898d3e71c9f8a87cdbdd04d878f7ebe2a6befffd4fa215569cfc
                      • Opcode Fuzzy Hash: 815d3e4a91c6b38df278f4f47016f9f7126a759de9c22c7ad9d7b94f7082d742
                      • Instruction Fuzzy Hash: 9BD05EAB55E3D1AFC3420B30E82A1992F659602104B194083E88687653E5348907DB2A
                      Function 0D04072C Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 31b0eac6b063713ba112b91b63acb082f6aec07dc194fa0d7b2f54a1963871e6
                      • Instruction ID: 4f364fa9156b5c60ca61a1137ec1c25fa0ca01a9b6475cf5cfd90df96f841292
                      • Opcode Fuzzy Hash: 31b0eac6b063713ba112b91b63acb082f6aec07dc194fa0d7b2f54a1963871e6
                      • Instruction Fuzzy Hash: D3E0B674A09218DFDB55CF94DC90FACBBB5BF4D310F2480999A08AB295C632A952DF44
                      Function 07029E20 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7286e4ec3cc1eb566cf401b8067f4dc4c9fd5de5f48844297bda32cb040a3037
                      • Instruction ID: 08dd652240e1d3d37b025775dfb0562150f0261dc84db55c3f361c47878b9225
                      • Opcode Fuzzy Hash: 7286e4ec3cc1eb566cf401b8067f4dc4c9fd5de5f48844297bda32cb040a3037
                      • Instruction Fuzzy Hash: F2D05E77048244BFC7026E90D852A84BF31EB06240F24C089EB440D0A2D673C617AB81
                      Function 0702BDC8 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                      • Instruction ID: 8474ead0144e29503ecfae6642ad4b93da30c57605a50d90f6a7c3d82a5d16fc
                      • Opcode Fuzzy Hash: fcc788c89ca91730e34b729ea8219a5e8389f3dd18a4f57a8284d2c23dda9339
                      • Instruction Fuzzy Hash: D5D09EB2D00139978B10AFE9DC054DFFF79EF05650F418126E915AB100E3715A21DBD1
                      Function 07024A20 Relevance: .0, Instructions: 16COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c555dc6653a327046e282a5937fbdcf8912c163dfca769568b4afa94f9fe2cb6
                      • Instruction ID: 0c19bdfb6f7825faaeebe22bf7924667a8554a3d17707a28ed731d34cd79a3c3
                      • Opcode Fuzzy Hash: c555dc6653a327046e282a5937fbdcf8912c163dfca769568b4afa94f9fe2cb6
                      • Instruction Fuzzy Hash: 42D0A9B22A425A83CA984AA5A019A29379CAB00608F0440A8F40EC6900EAB2EC03A504
                      Function 0D040830 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c6531394aae09049cc9f4986d905470d0733dcd557d205539658c27be243c320
                      • Instruction ID: 2d9518bf8822644f0ba9cbf3db2bb76ebad19ce56a7f923eb93f9dee26097374
                      • Opcode Fuzzy Hash: c6531394aae09049cc9f4986d905470d0733dcd557d205539658c27be243c320
                      • Instruction Fuzzy Hash: 1DE0EC7480D6995FDB119B208960BDD7AB96B06210F10C5D68D4D67282D6304944CF41
                      Function 0D040EE0 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ab6c2d8049838235ae336d208eea0aa974de8eadba4cba1941c14a6c82aa7a9e
                      • Instruction ID: 159a91bf504ce3ab623cd5d57250b7c00e9380adf2acb6ddffc7339a853458a7
                      • Opcode Fuzzy Hash: ab6c2d8049838235ae336d208eea0aa974de8eadba4cba1941c14a6c82aa7a9e
                      • Instruction Fuzzy Hash: 1DD0A770C52108DFCB84EBB9D90575D7BF4A700201F1081B8880853280EB304A50DB91
                      Function 07028C58 Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b0c3275ac0024e3b7c8fcc063e8813342ecdf12cadcc50c84d3c6f15324d8f8b
                      • Instruction ID: 1f6fbaf6233f780ffca1cf682ba576dd0d4bded3be92a570901fe50bb7a65042
                      • Opcode Fuzzy Hash: b0c3275ac0024e3b7c8fcc063e8813342ecdf12cadcc50c84d3c6f15324d8f8b
                      • Instruction Fuzzy Hash: 7ED0A9BB0592309EC601B62C86E08D9BB98EF82304B00C963D0808A070EA30C859E68A
                      Function 0702B3CF Relevance: .0, Instructions: 15COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf528bc52b80e83592e067a8eecc43baf1ac8250ca3ec7dc7cfaa53ba0e5808e
                      • Instruction ID: bfa2014d6fb07d09d8860491d31c9c794584f30518c4bc8a835454db6d16aabc
                      • Opcode Fuzzy Hash: cf528bc52b80e83592e067a8eecc43baf1ac8250ca3ec7dc7cfaa53ba0e5808e
                      • Instruction Fuzzy Hash: 72C08CFB8141009FD707262188838C87F63FA133853A6E2A1D080478736635482FAB96
                      Function 0D04087B Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d41c2b9eed2f85e4afd703768de67e88ed5e4d60e8e91a5687e6e381d5afcab1
                      • Instruction ID: 8ae0f3613e68597adec779adab2c89d27bbba6f5366f457456497551ae5b655a
                      • Opcode Fuzzy Hash: d41c2b9eed2f85e4afd703768de67e88ed5e4d60e8e91a5687e6e381d5afcab1
                      • Instruction Fuzzy Hash: E8D017F4909A14CFE752AFB0D80C69C7BBCFB59702F04AAE9850EBA250C33449408F61
                      Function 0D0417E8 Relevance: .0, Instructions: 14COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3918301d3e44567aa4e42c3440e4f8a2f6b6a3d01ad2db4eaa927e20b99f0374
                      • Instruction ID: 5f37ca58c71297377fe2e3c0872dc50513b9d1e03142b2be58d9ef406b038d52
                      • Opcode Fuzzy Hash: 3918301d3e44567aa4e42c3440e4f8a2f6b6a3d01ad2db4eaa927e20b99f0374
                      • Instruction Fuzzy Hash: EFD0123624820C5F7B80EFA9E840D527FECBB24600741C076E60CC7421E621E465E751
                      Function 0702D0A0 Relevance: .0, Instructions: 13COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d591d7084c9b032c983f2b96ec6b1fbc923795c7d6743517905e832b8659c0c5
                      • Instruction ID: 81b13b61ce5d6a0c62cf93e2564688fd4e6c885074c286919292b88d15305ce4
                      • Opcode Fuzzy Hash: d591d7084c9b032c983f2b96ec6b1fbc923795c7d6743517905e832b8659c0c5
                      • Instruction Fuzzy Hash: 8DC012B15562189FC740DFB5D40975576E8E705226F0182559409C3141DA795410DBA2
                      Function 0702D555 Relevance: .0, Instructions: 12COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5d0d552c47e21630ecf69d5f061374cd33c5cb5f4e61bf1c75436ed8608904c9
                      • Instruction ID: 636ef45b86cecc01e0bff93d61751386786f185ec16ddecc74358069133f79d0
                      • Opcode Fuzzy Hash: 5d0d552c47e21630ecf69d5f061374cd33c5cb5f4e61bf1c75436ed8608904c9
                      • Instruction Fuzzy Hash: FAD012709111168FC794DF69EA84F8CB7B5FF89200F009664D409A7238D7385949CF54
                      Function 0702AB40 Relevance: .0, Instructions: 11COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a2492d6e2e2df4a365880e72eb70f6d55902aee66bac000484197d1efbbba23f
                      • Instruction ID: dcc99f330499e665b7ff73fa377f55163f96837864179d38033acf06e418db52
                      • Opcode Fuzzy Hash: a2492d6e2e2df4a365880e72eb70f6d55902aee66bac000484197d1efbbba23f
                      • Instruction Fuzzy Hash: EFC01236200208AFD680AA94C800D557769AB08610F50D100BA080A151C272E852D751
                      Function 07029E30 Relevance: .0, Instructions: 10COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7282bd47c7fc59473d99393943301e2e415b0767e717727f804e189d92327ef9
                      • Instruction ID: 6c814a37cca9ebb1418c23da4ef44426dabe299825970ecdecd548d8cc703fee
                      • Opcode Fuzzy Hash: 7282bd47c7fc59473d99393943301e2e415b0767e717727f804e189d92327ef9
                      • Instruction Fuzzy Hash: AAC01232000208BBCB026A80C800E49BF2AAB04290F24C004FB040D0A1D373D923AB80
                      Function 0702AD4D Relevance: .0, Instructions: 9COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c05e6493be7eade06c08480b35a5e6595440f2baf45c56b13da69b742cadf531
                      • Instruction ID: cf4a4f59deb10a910dcbfe793c0e2df5cd92da71ed99abd0b4284ed80aa4ae6a
                      • Opcode Fuzzy Hash: c05e6493be7eade06c08480b35a5e6595440f2baf45c56b13da69b742cadf531
                      • Instruction Fuzzy Hash: A0C04CB65046009FC748EF75D85455AB7E6BBD8701F04C83ED889C2200EA345519DB56
                      Function 0D040764 Relevance: .0, Instructions: 8COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b1c7648a3e5d1c61d0db583fc02f562ceea0c97869f9e3045290654a946b4e1c
                      • Instruction ID: 20b00445aef00c2c8ee6465498a013b2d4f69a15a3260b7028a4c0b274d241e1
                      • Opcode Fuzzy Hash: b1c7648a3e5d1c61d0db583fc02f562ceea0c97869f9e3045290654a946b4e1c
                      • Instruction Fuzzy Hash: 03C012B49081688FDB20DF10C860BDDBAFABB09300F2080DA890CB3340CA309E80CF80
                      Function 0D0408CA Relevance: .0, Instructions: 6COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000006.00000002.2089768490.000000000D040000.00000040.00000800.00020000.00000000.sdmp, Offset: 0D040000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_d040000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 86e4f8c07645a1684110e14e9c0dfce988ce86675ad9a7c8168a144fd74fd4fc
                      • Instruction ID: 72ad8d7c632545c2c7d58921cfb119d4ea630a358762539e650497271adc9633
                      • Opcode Fuzzy Hash: 86e4f8c07645a1684110e14e9c0dfce988ce86675ad9a7c8168a144fd74fd4fc
                      • Instruction Fuzzy Hash: F0A022FC020000CEFB230AF2AC00FEA203CB382B0AE00E2CFA20C320C083B0028C0C02

                      Non-executed Functions

                      Function 0702001E Relevance: 41.7, Strings: 33, Instructions: 449COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq
                      • API String ID: 0-3058033958
                      • Opcode ID: cd34402ab08f845120942f212ebad369bf08c21c14edd419954fd98005e5b46a
                      • Instruction ID: cedd2c41edf5718eaea478dfe108b6e1770ff6bd03b29ecc5d20f0876dbd5c7c
                      • Opcode Fuzzy Hash: cd34402ab08f845120942f212ebad369bf08c21c14edd419954fd98005e5b46a
                      • Instruction Fuzzy Hash: BC12AD70E012169FCB68EF64E950AAEB7F6FF45300F1045A9D006AB2A5DF346D5ACF90
                      Function 07020040 Relevance: 41.7, Strings: 33, Instructions: 434COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000006.00000002.2088200972.0000000007020000.00000040.00000800.00020000.00000000.sdmp, Offset: 07020000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_6_2_7020000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: 4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq$4'jq
                      • API String ID: 0-3058033958
                      • Opcode ID: 60ee8637900831f2b40f178f22afee99f1e91ce0c1a807bfc5224b686e68774f
                      • Instruction ID: a6ff6f1e0ccb9b7f4718da9fb78de55075efec1b4f348ef0e02d1bf49cc7d978
                      • Opcode Fuzzy Hash: 60ee8637900831f2b40f178f22afee99f1e91ce0c1a807bfc5224b686e68774f
                      • Instruction Fuzzy Hash: 3912AD70E0121A9FCB68EF64E950AAEB7F6FF45300F1045A9D0066B2A5DF346D5ACF90

                      Execution Graph

                      Execution Coverage:12.8%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:1.6%
                      Total number of Nodes:253
                      Total number of Limit Nodes:14
                      execution_graph 47939 e3ea20 47940 e3ea64 47939->47940 47943 e3ea97 47940->47943 47944 e3ead1 47943->47944 47948 e3ef20 47944->47948 47952 e3ef30 47944->47952 47945 e3eaeb 47949 e3ef5f 47948->47949 47950 e3f468 LdrInitializeThunk 47949->47950 47951 e3f0de 47949->47951 47950->47949 47950->47951 47951->47945 47955 e3ef5f 47952->47955 47953 e3f468 LdrInitializeThunk 47954 e3f0de 47953->47954 47953->47955 47954->47945 47955->47953 47955->47954 48217 5c419b0 48218 5c41a18 CreateWindowExW 48217->48218 48220 5c41ad4 48218->48220 48220->48220 47956 ded488 47957 ded4a0 47956->47957 47958 ded4fa 47957->47958 47963 5c41b57 47957->47963 47967 5c41b68 47957->47967 47971 5c428b8 47957->47971 47980 5c401bc 47957->47980 47964 5c41b8e 47963->47964 47965 5c401bc CallWindowProcW 47964->47965 47966 5c41baf 47965->47966 47966->47958 47968 5c41b8e 47967->47968 47969 5c401bc CallWindowProcW 47968->47969 47970 5c41baf 47969->47970 47970->47958 47974 5c428f5 47971->47974 47972 5c42929 48005 5c402e4 47972->48005 47974->47972 47975 5c42919 47974->47975 47989 5c42a40 47975->47989 47994 5c42b1c 47975->47994 48000 5c42a50 47975->48000 47976 5c42927 47981 5c401c7 47980->47981 47982 5c42929 47981->47982 47984 5c42919 47981->47984 47983 5c402e4 CallWindowProcW 47982->47983 47985 5c42927 47983->47985 47986 5c42a40 CallWindowProcW 47984->47986 47987 5c42a50 CallWindowProcW 47984->47987 47988 5c42b1c CallWindowProcW 47984->47988 47986->47985 47987->47985 47988->47985 47991 5c42a50 47989->47991 47990 5c42af0 47990->47976 48009 5c42af7 47991->48009 48013 5c42b08 47991->48013 47995 5c42ada 47994->47995 47996 5c42b2a 47994->47996 47998 5c42af7 CallWindowProcW 47995->47998 47999 5c42b08 CallWindowProcW 47995->47999 47997 5c42af0 47997->47976 47998->47997 47999->47997 48002 5c42a64 48000->48002 48001 5c42af0 48001->47976 48003 5c42af7 CallWindowProcW 48002->48003 48004 5c42b08 CallWindowProcW 48002->48004 48003->48001 48004->48001 48006 5c402ef 48005->48006 48007 5c4400a CallWindowProcW 48006->48007 48008 5c43fb9 48006->48008 48007->48008 48008->47976 48010 5c42b08 48009->48010 48011 5c42b19 48010->48011 48016 5c43f50 48010->48016 48011->47990 48014 5c42b19 48013->48014 48015 5c43f50 CallWindowProcW 48013->48015 48014->47990 48015->48014 48017 5c402e4 CallWindowProcW 48016->48017 48018 5c43f5a 48017->48018 48018->48011 48019 57622e0 48020 57622e1 48019->48020 48027 5761e7c 48020->48027 48025 5762322 48028 5762498 SetWindowsHookExA 48027->48028 48030 5762306 48028->48030 48031 5761e88 48030->48031 48032 5761e93 48031->48032 48039 57655cc 48032->48039 48034 5762318 48034->48025 48035 57677d1 48034->48035 48036 57677ef 48035->48036 48037 5762560 4 API calls 48036->48037 48038 57677f6 48037->48038 48038->48025 48040 57655d7 48039->48040 48046 57660f0 48040->48046 48047 5765780 48040->48047 48042 57660fe 48043 5765780 4 API calls 48042->48043 48042->48046 48044 576612f 48043->48044 48044->48046 48051 5762560 48044->48051 48046->48034 48048 576578b 48047->48048 48049 5762560 4 API calls 48048->48049 48050 57661b9 48048->48050 48049->48050 48050->48042 48053 576256b 48051->48053 48052 576258d 48052->48046 48053->48052 48055 5761eb4 48053->48055 48056 5761ebf GetCurrentProcess 48055->48056 48058 5765950 GetCurrentThread 48056->48058 48059 5765949 48056->48059 48060 5765986 48058->48060 48061 576598d GetCurrentProcess 48058->48061 48059->48058 48060->48061 48064 57659c3 48061->48064 48062 57659eb GetCurrentThreadId 48063 5765a1c 48062->48063 48063->48052 48064->48062 48065 5767ca0 48066 5767ca5 48065->48066 48069 57673d8 48066->48069 48068 5767cee 48068->48068 48074 57673e3 48069->48074 48070 5768414 48071 5768444 48070->48071 48073 5765780 4 API calls 48070->48073 48072 5765780 4 API calls 48071->48072 48075 576845c 48071->48075 48072->48075 48073->48071 48074->48070 48074->48075 48079 576a043 48074->48079 48097 576a088 48074->48097 48114 576a078 48074->48114 48075->48068 48080 576a04a 48079->48080 48082 576a0c0 48079->48082 48080->48070 48081 576a0cd 48081->48070 48082->48081 48083 576a12f 48082->48083 48084 576a191 48082->48084 48091 576a043 6 API calls 48083->48091 48093 576a078 6 API calls 48083->48093 48094 576a088 6 API calls 48083->48094 48132 576a228 48083->48132 48138 576a238 48083->48138 48144 576a1a6 48083->48144 48150 576a293 48083->48150 48085 5762560 4 API calls 48084->48085 48086 576a273 48085->48086 48088 576a27e 48086->48088 48164 5768044 48086->48164 48088->48070 48089 576a16d 48089->48070 48091->48089 48093->48089 48094->48089 48099 576a0a9 48097->48099 48098 576a0cd 48098->48070 48099->48098 48100 576a12f 48099->48100 48101 576a191 48099->48101 48107 576a1a6 6 API calls 48100->48107 48108 576a043 6 API calls 48100->48108 48109 576a293 6 API calls 48100->48109 48110 576a078 6 API calls 48100->48110 48111 576a088 6 API calls 48100->48111 48112 576a238 6 API calls 48100->48112 48113 576a228 6 API calls 48100->48113 48102 5762560 4 API calls 48101->48102 48103 576a273 48102->48103 48104 5768044 6 API calls 48103->48104 48105 576a27e 48103->48105 48104->48105 48105->48070 48106 576a16d 48106->48070 48107->48106 48108->48106 48109->48106 48110->48106 48111->48106 48112->48106 48113->48106 48115 576a004 48114->48115 48116 576a07f 48114->48116 48115->48070 48117 576a0cd 48116->48117 48118 576a12f 48116->48118 48119 576a191 48116->48119 48117->48070 48125 576a1a6 6 API calls 48118->48125 48126 576a043 6 API calls 48118->48126 48127 576a293 6 API calls 48118->48127 48128 576a078 6 API calls 48118->48128 48129 576a088 6 API calls 48118->48129 48130 576a238 6 API calls 48118->48130 48131 576a228 6 API calls 48118->48131 48120 5762560 4 API calls 48119->48120 48121 576a273 48120->48121 48122 576a27e 48121->48122 48123 5768044 6 API calls 48121->48123 48122->48070 48123->48122 48124 576a16d 48124->48070 48125->48124 48126->48124 48127->48124 48128->48124 48129->48124 48130->48124 48131->48124 48133 576a1b0 48132->48133 48133->48132 48134 5762560 4 API calls 48133->48134 48135 576a273 48134->48135 48136 5768044 6 API calls 48135->48136 48137 576a27e 48135->48137 48136->48137 48137->48089 48139 576a245 48138->48139 48140 5762560 4 API calls 48139->48140 48141 576a273 48140->48141 48142 576a27e 48141->48142 48143 5768044 6 API calls 48141->48143 48142->48089 48143->48142 48145 576a1b0 48144->48145 48146 5762560 4 API calls 48145->48146 48147 576a273 48146->48147 48148 5768044 6 API calls 48147->48148 48149 576a27e 48147->48149 48148->48149 48149->48089 48151 576a1b0 48150->48151 48152 576a29b 48150->48152 48154 5762560 4 API calls 48151->48154 48158 576a343 48152->48158 48173 5768078 48152->48173 48155 576a273 48154->48155 48156 576a27e 48155->48156 48157 5768044 6 API calls 48155->48157 48156->48089 48157->48156 48180 5768088 48158->48180 48160 576a35f 48186 576f718 48160->48186 48191 576f730 48160->48191 48161 576a399 48161->48089 48165 576804f 48164->48165 48166 5768078 6 API calls 48165->48166 48167 576a343 48165->48167 48166->48165 48168 5768088 6 API calls 48167->48168 48169 576a35f 48168->48169 48171 576f730 GetModuleHandleW 48169->48171 48172 576f718 GetModuleHandleW 48169->48172 48170 576a399 48170->48088 48171->48170 48172->48170 48174 5768083 48173->48174 48175 5768088 6 API calls 48174->48175 48176 576a35f 48175->48176 48178 576f730 GetModuleHandleW 48176->48178 48179 576f718 GetModuleHandleW 48176->48179 48177 576a399 48177->48152 48178->48177 48179->48177 48181 5768093 48180->48181 48197 576b274 48181->48197 48183 576b680 48183->48160 48184 576a088 6 API calls 48184->48183 48185 576b458 48185->48183 48185->48184 48188 576f730 48186->48188 48187 576f76d 48187->48161 48188->48187 48206 576f9a8 48188->48206 48209 576f998 48188->48209 48193 576f761 48191->48193 48194 576f7ad 48191->48194 48192 576f76d 48192->48161 48193->48192 48195 576f9a8 GetModuleHandleW 48193->48195 48196 576f998 GetModuleHandleW 48193->48196 48194->48161 48195->48194 48196->48194 48198 576b27f 48197->48198 48199 576cc6a 48198->48199 48201 576ccb9 48198->48201 48199->48185 48202 576ccc2 48201->48202 48205 576cc62 48201->48205 48203 576cd16 KiUserCallbackDispatcher 48202->48203 48204 576cd40 48202->48204 48203->48204 48204->48199 48205->48199 48212 576f9d8 48206->48212 48207 576f9b2 48207->48187 48210 576f9b2 48209->48210 48211 576f9d8 GetModuleHandleW 48209->48211 48210->48187 48211->48210 48213 576f9e8 48212->48213 48214 576fa1c 48213->48214 48215 576fc20 GetModuleHandleW 48213->48215 48214->48207 48216 576fc4d 48215->48216 48216->48207 48221 5765b00 DuplicateHandle 48222 5765b96 48221->48222 48223 5c4d078 48224 5c4d09b 48223->48224 48228 5c4e228 48224->48228 48233 5c4e238 48224->48233 48225 5c4d155 48229 5c4e1c6 48228->48229 48230 5c4e232 48228->48230 48232 5c4e289 48230->48232 48237 5c4dde4 48230->48237 48232->48225 48234 5c4e280 48233->48234 48235 5c4e289 48234->48235 48236 5c4dde4 LoadLibraryW 48234->48236 48235->48225 48236->48235 48238 5c4e380 LoadLibraryW 48237->48238 48240 5c4e3f5 48238->48240 48240->48232

                      Executed Functions

                      Function 00E3EF30 Relevance: 2.3, APIs: 1, Instructions: 763COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4490987413.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_e30000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f67493bc95fc5658d65c1722a030847ce975761d48b6575571acda9bff9704c9
                      • Instruction ID: d60e4bedb1eec4f55919b8f37559b2599e9795a2a12c20804e7b9e0f6970ca0f
                      • Opcode Fuzzy Hash: f67493bc95fc5658d65c1722a030847ce975761d48b6575571acda9bff9704c9
                      • Instruction Fuzzy Hash: D7722770A00349CFCB09DFA8C588A9DBBF2BF49314F2585A9E409AF3A5DB359D45CB50
                      Function 069ED1D0 Relevance: 1.7, Strings: 1, Instructions: 422COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: 4aa0b292bbb3ff12859985413520d56bce444e600a4d153b3dafb2fcd2424040
                      • Instruction ID: 3f4f2e5f1c6a9f352d536a91823c44353c39b3aa178ebb2a1791a1931d37a541
                      • Opcode Fuzzy Hash: 4aa0b292bbb3ff12859985413520d56bce444e600a4d153b3dafb2fcd2424040
                      • Instruction Fuzzy Hash: F5025D70A00205DFDB5ADFA8C484AAE7BB7FF89300F248469E9069B795CB35DD45CB90
                      Function 069E9BB8 Relevance: .5, Instructions: 471COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b243a39b55fd1657776b0bac614cbbb188dfc0ddb69da4df6813571c1f1d48d2
                      • Instruction ID: c31501d23a989be88226648bec74fda8eba3a8afbc276bdedcd8b6652d44c81c
                      • Opcode Fuzzy Hash: b243a39b55fd1657776b0bac614cbbb188dfc0ddb69da4df6813571c1f1d48d2
                      • Instruction Fuzzy Hash: 5A222970A00218DFCB56DF65C584B9DBBB6BF89301F2480AAE809AB761DB31DD85CF51
                      Function 069E87F0 Relevance: .5, Instructions: 458COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 79d343434252d1c5f02299e14942613ad2ba84113c03774da54f24638f32b1d6
                      • Instruction ID: 41bfbd30ac6aa3db7f1b0688a5d19f273fa0347f42077ba11d5dac6d62fb3b8f
                      • Opcode Fuzzy Hash: 79d343434252d1c5f02299e14942613ad2ba84113c03774da54f24638f32b1d6
                      • Instruction Fuzzy Hash: 77127D74A002058FC745DF68C684AAABBF6FF89310B19C49AE409DB766C734ED45CFA1
                      Function 069E61D0 Relevance: .4, Instructions: 407COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5004b271aef81c208134ebaf341b45246022368581f06e910dc8d05f5ad95dda
                      • Instruction ID: b27eeb58d458e0792b491e282ec0b4c721421048c4f7695d07c1382bee498197
                      • Opcode Fuzzy Hash: 5004b271aef81c208134ebaf341b45246022368581f06e910dc8d05f5ad95dda
                      • Instruction Fuzzy Hash: 1B027A34A00705CFDB66CF69C584A6ABBF6FF98300F248969E856DBB52D734E845CB40
                      Function 05765880 Relevance: 6.2, APIs: 4, Instructions: 161threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 172 5765880-5765947 GetCurrentProcess 180 5765950-5765984 GetCurrentThread 172->180 181 5765949-576594f 172->181 182 5765986-576598c 180->182 183 576598d-57659c1 GetCurrentProcess 180->183 181->180 182->183 185 57659c3-57659c9 183->185 186 57659ca-57659e5 call 5765a88 183->186 185->186 189 57659eb-5765a1a GetCurrentThreadId 186->189 190 5765a23-5765a85 189->190 191 5765a1c-5765a22 189->191 191->190
                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 05765936
                      • GetCurrentThread.KERNEL32 ref: 05765973
                      • GetCurrentProcess.KERNEL32 ref: 057659B0
                      • GetCurrentThreadId.KERNEL32 ref: 05765A09
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: 6773c6b639dfd3b75cfcb322902cbff3d5790e86b654859dd6f8cbfbcb878067
                      • Instruction ID: ed12d2389cc5ee4fc04de17be6014fc9b37fbbcc170a794d7ee5b4de7d01d0cc
                      • Opcode Fuzzy Hash: 6773c6b639dfd3b75cfcb322902cbff3d5790e86b654859dd6f8cbfbcb878067
                      • Instruction Fuzzy Hash: 5F619BB08013498FDB04DFA9D5487EEBFF1EF49314F24805AD849A7261D7385845DFA5
                      Function 05761E98 Relevance: 6.2, APIs: 4, Instructions: 150threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 198 5761e98-5761ea1 200 5761ea3-5761ebf 198->200 201 5761f1b-5761f34 198->201 200->201 205 57658b8-5765947 GetCurrentProcess 200->205 209 5765950-5765984 GetCurrentThread 205->209 210 5765949-576594f 205->210 211 5765986-576598c 209->211 212 576598d-57659c1 GetCurrentProcess 209->212 210->209 211->212 214 57659c3-57659c9 212->214 215 57659ca-57659e5 call 5765a88 212->215 214->215 218 57659eb-5765a1a GetCurrentThreadId 215->218 219 5765a23-5765a85 218->219 220 5765a1c-5765a22 218->220 220->219
                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 05765936
                      • GetCurrentThread.KERNEL32 ref: 05765973
                      • GetCurrentProcess.KERNEL32 ref: 057659B0
                      • GetCurrentThreadId.KERNEL32 ref: 05765A09
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: 96e526ae028469065d19d76b4b8f65b31df0b907501dbeba2c1ce0c4ee9103c8
                      • Instruction ID: 0f449430eb56d16c2ae35cf0c49966a9c5331982ca371244326af31beed74283
                      • Opcode Fuzzy Hash: 96e526ae028469065d19d76b4b8f65b31df0b907501dbeba2c1ce0c4ee9103c8
                      • Instruction Fuzzy Hash: 495187B08003498FDB04DFA9D549BEEBFF1EF88314F24805AE809A73A1D7789944DB65
                      Function 05761EB4 Relevance: 6.1, APIs: 4, Instructions: 132threadCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 227 5761eb4-5765947 GetCurrentProcess 233 5765950-5765984 GetCurrentThread 227->233 234 5765949-576594f 227->234 235 5765986-576598c 233->235 236 576598d-57659c1 GetCurrentProcess 233->236 234->233 235->236 238 57659c3-57659c9 236->238 239 57659ca-57659e5 call 5765a88 236->239 238->239 242 57659eb-5765a1a GetCurrentThreadId 239->242 243 5765a23-5765a85 242->243 244 5765a1c-5765a22 242->244 244->243
                      APIs
                      • GetCurrentProcess.KERNEL32 ref: 05765936
                      • GetCurrentThread.KERNEL32 ref: 05765973
                      • GetCurrentProcess.KERNEL32 ref: 057659B0
                      • GetCurrentThreadId.KERNEL32 ref: 05765A09
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: Current$ProcessThread
                      • String ID:
                      • API String ID: 2063062207-0
                      • Opcode ID: 16a430f896c244c70149e8420a8a0aff77466a3a6865e0606132b573e318fd25
                      • Instruction ID: 5a1cdb1f6f4518e092e72ddab24e2a388e03b6db1f9be5e9e053e4a2ec98d4ea
                      • Opcode Fuzzy Hash: 16a430f896c244c70149e8420a8a0aff77466a3a6865e0606132b573e318fd25
                      • Instruction Fuzzy Hash: F75156B09003098FDB04DFA9D548BAEBFF5EF88310F248469E909A7361DB34A944DF65
                      Function 069EEAC0 Relevance: 2.7, Strings: 2, Instructions: 213COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 475 69eeac0-69eeadf 476 69eec9a-69eecbf 475->476 477 69eeae5-69eeaee 475->477 480 69eecc6-69eed60 call 69ee868 476->480 477->480 481 69eeaf4-69eeb49 477->481 523 69eed65-69eed6a 480->523 490 69eeb4b-69eeb70 481->490 491 69eeb73-69eeb7c 481->491 490->491 493 69eeb7e 491->493 494 69eeb81-69eeb91 491->494 493->494 532 69eeb93 call 69eeca0 494->532 533 69eeb93 call 69eeab0 494->533 534 69eeb93 call 69eeac0 494->534 496 69eeb99-69eeb9b 498 69eeb9d-69eeba2 496->498 499 69eebf5-69eec42 496->499 501 69eebdb-69eebee 498->501 502 69eeba4-69eebd9 498->502 512 69eec49-69eec4e 499->512 501->499 502->512 514 69eec58-69eec5d 512->514 515 69eec50 512->515 518 69eec5f 514->518 519 69eec67-69eec6c 514->519 515->514 518->519 521 69eec6e-69eec7c call 69ee6dc call 69ee6f4 519->521 522 69eec81-69eec82 519->522 521->522 522->476 532->496 533->496 534->496
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: (&jq$(nq
                      • API String ID: 0-2454636555
                      • Opcode ID: da8206a965de1fc95de0660665edf31ec9b6370b29abd5881d3e0d226fcc7ffa
                      • Instruction ID: 36f9217d1a2109b168f44457ab904d20500d0a933656f265e0af6576a162f3cf
                      • Opcode Fuzzy Hash: da8206a965de1fc95de0660665edf31ec9b6370b29abd5881d3e0d226fcc7ffa
                      • Instruction Fuzzy Hash: 5871B131F002199FDB56DFA9C8506AEBBF6EF89700F15852AE406AB380DF349D45C7A1
                      Function 0576F9D8 Relevance: 1.7, APIs: 1, Instructions: 202COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 68d1ed648b0e51cf5d2422c3e541b400af2684de049b66bfee635108f112d102
                      • Instruction ID: b62ecf59d513eb5ece2521448cebd86ac2953b6aaa465e484d6cf4c5a8a85cb1
                      • Opcode Fuzzy Hash: 68d1ed648b0e51cf5d2422c3e541b400af2684de049b66bfee635108f112d102
                      • Instruction Fuzzy Hash: 63815970A00B058FDB24DF29E555B6ABBF6FF48300F10892ED84AD7A54DB74E849CB91
                      Function 05C419A4 Relevance: 1.6, APIs: 1, Instructions: 114COMMON
                      Download Yara Rule
                      APIs
                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05C41AC2
                      Memory Dump Source
                      • Source File: 00000008.00000002.4496570052.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5c40000_Quote List.jbxd
                      Similarity
                      • API ID: CreateWindow
                      • String ID:
                      • API String ID: 716092398-0
                      • Opcode ID: c57159f88f922f56ae2e736986e32bb140ccbcecd76684ae307b76ad0bca5533
                      • Instruction ID: d8fc0c481eff400241af0fd59f4f77f63707bff96e7d0227ec9b7c3ea37bdc1a
                      • Opcode Fuzzy Hash: c57159f88f922f56ae2e736986e32bb140ccbcecd76684ae307b76ad0bca5533
                      • Instruction Fuzzy Hash: ED51CFB1D103499FDB14CFA9C984ADEBFB5BF48300F64852AE819AB210D7759985CF90
                      Function 05C419B0 Relevance: 1.6, APIs: 1, Instructions: 113COMMON
                      Download Yara Rule
                      APIs
                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05C41AC2
                      Memory Dump Source
                      • Source File: 00000008.00000002.4496570052.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5c40000_Quote List.jbxd
                      Similarity
                      • API ID: CreateWindow
                      • String ID:
                      • API String ID: 716092398-0
                      • Opcode ID: c500c90cddf16e0026cb8f878d25b5fb3e7fe2541f85763f8fcc02a634e4f142
                      • Instruction ID: c20e4304d4c3b93a1f53230e297127acb975c46a7bfdfdc62eca94c6cd8faeef
                      • Opcode Fuzzy Hash: c500c90cddf16e0026cb8f878d25b5fb3e7fe2541f85763f8fcc02a634e4f142
                      • Instruction Fuzzy Hash: 9941DEB1D103499FDB14CF9AC984ADEBFB5BF88300F24852AE819AB210D7759985CF90
                      Function 05C402E4 Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                      Download Yara Rule
                      APIs
                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 05C44031
                      Memory Dump Source
                      • Source File: 00000008.00000002.4496570052.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5c40000_Quote List.jbxd
                      Similarity
                      • API ID: CallProcWindow
                      • String ID:
                      • API String ID: 2714655100-0
                      • Opcode ID: 8b91fe92a6ec6e646439f09ad594f2c4ec887f1778c96e8706ef08a8340afb0d
                      • Instruction ID: b2968f19bd470ae3897aed431c13b0bd1838173193a4eb3d62a2d0b01a7a4106
                      • Opcode Fuzzy Hash: 8b91fe92a6ec6e646439f09ad594f2c4ec887f1778c96e8706ef08a8340afb0d
                      • Instruction Fuzzy Hash: 9D4128B49002059FDB14CF99C888FAABBF6FF88314F24C859D519AB321D775A941CFA0
                      Function 0576CCB9 Relevance: 1.6, APIs: 1, Instructions: 74COMMON
                      Download Yara Rule
                      APIs
                      • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 0576CD2D
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: CallbackDispatcherUser
                      • String ID:
                      • API String ID: 2492992576-0
                      • Opcode ID: 1338eeb61d004e1a05b9ab3971677cea789098d37f64d1ab160754e297093c29
                      • Instruction ID: 8863ebc2c042cf433a93f1ec4f2c129b283aa1c19a7cba4395e43c39767b254c
                      • Opcode Fuzzy Hash: 1338eeb61d004e1a05b9ab3971677cea789098d37f64d1ab160754e297093c29
                      • Instruction Fuzzy Hash: F531E370414384CEDB11DFA6E51A7FA7FF9AB05304F14805AE888A3282DB395905EB71
                      Function 05765AF9 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                      Download Yara Rule
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05765B87
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: e4d58388d56b5796425c782ecbccb042a9feffbeb1756118bd4f52e310b1ae22
                      • Instruction ID: 8a8ea59efb6386b4b2fbea76d722f739f02761171e1fbb7def1b15518376aff0
                      • Opcode Fuzzy Hash: e4d58388d56b5796425c782ecbccb042a9feffbeb1756118bd4f52e310b1ae22
                      • Instruction Fuzzy Hash: A321E5B59002499FDB10CFAAD584ADEBFF4FB48310F14841AE918A3210D378A950DFA0
                      Function 05765B00 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                      Download Yara Rule
                      APIs
                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 05765B87
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: DuplicateHandle
                      • String ID:
                      • API String ID: 3793708945-0
                      • Opcode ID: 9a74761b4722cbeb5dc8034e8db6605bed656f229fcc4bd8562c25c722918578
                      • Instruction ID: fb594406f9fa1781fbd3b28ca7731130efd309143982945fd2af916ffdb92a10
                      • Opcode Fuzzy Hash: 9a74761b4722cbeb5dc8034e8db6605bed656f229fcc4bd8562c25c722918578
                      • Instruction Fuzzy Hash: 2B21F5B59002489FDB10CF9AD984ADEFFF8FB48310F14841AE918A3310D378A940DFA0
                      Function 05761E7C Relevance: 1.6, APIs: 1, Instructions: 60COMMON
                      Download Yara Rule
                      APIs
                      • SetWindowsHookExA.USER32(05213BA0,00000000,?,?,?,?,?,05213BA0,?,05762306,00000000,00000000), ref: 05762513
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: HookWindows
                      • String ID:
                      • API String ID: 2559412058-0
                      • Opcode ID: f2d7353da17c3fe5b5bf735f3175c4aafaaab7533fdaff79cdbbbaed2e4b491f
                      • Instruction ID: 597f0308352e67ae26900ce6c70a8eebb95c63bd079e5e98fb519482ba43aad7
                      • Opcode Fuzzy Hash: f2d7353da17c3fe5b5bf735f3175c4aafaaab7533fdaff79cdbbbaed2e4b491f
                      • Instruction Fuzzy Hash: C92115B59042099FCB54DF9AC944BEEFBF5FF88310F10842AE819A7251C775A944CFA1
                      Function 05762493 Relevance: 1.6, APIs: 1, Instructions: 58COMMON
                      Download Yara Rule
                      APIs
                      • SetWindowsHookExA.USER32(05213BA0,00000000,?,?,?,?,?,05213BA0,?,05762306,00000000,00000000), ref: 05762513
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: HookWindows
                      • String ID:
                      • API String ID: 2559412058-0
                      • Opcode ID: ba41eaa9008b0e0d29a47d9b8d4fd753e53ac119046e2da91588dee1041b585b
                      • Instruction ID: dd5d72cdda1cd334abaadb3cc91547022f83224ac6be51e307dce278221437d6
                      • Opcode Fuzzy Hash: ba41eaa9008b0e0d29a47d9b8d4fd753e53ac119046e2da91588dee1041b585b
                      • Instruction Fuzzy Hash: 6521F4B59002099FCB54DF9AC944BEEFBF5FF88320F14842AE419A7251C775A944CFA1
                      Function 05C4DDE4 Relevance: 1.6, APIs: 1, Instructions: 53libraryCOMMON
                      Download Yara Rule
                      APIs
                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,05C4E2DE), ref: 05C4E3E6
                      Memory Dump Source
                      • Source File: 00000008.00000002.4496570052.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5c40000_Quote List.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: d22206bc1323a4c697614f29eb5a46598c4885d804a462105a1eba75f870f10c
                      • Instruction ID: a96f14abf172674d94e924399dd9d653eb0e99e6b73d34518d600ee335d0b0f9
                      • Opcode Fuzzy Hash: d22206bc1323a4c697614f29eb5a46598c4885d804a462105a1eba75f870f10c
                      • Instruction Fuzzy Hash: 821112B6C007498BDB10DF9AC444A9EFBF9FB88210F15885AD519A7210D379A545CFA1
                      Function 05C4E379 Relevance: 1.6, APIs: 1, Instructions: 52libraryCOMMON
                      Download Yara Rule
                      APIs
                      • LoadLibraryW.KERNELBASE(00000000,?,?,?,?,00000000,00000E20,?,?,05C4E2DE), ref: 05C4E3E6
                      Memory Dump Source
                      • Source File: 00000008.00000002.4496570052.0000000005C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C40000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5c40000_Quote List.jbxd
                      Similarity
                      • API ID: LibraryLoad
                      • String ID:
                      • API String ID: 1029625771-0
                      • Opcode ID: d530482c20395ca534d882194c65bf50274c25c98a1b2266e4be6c42f7418717
                      • Instruction ID: 122bab542d75ad8357db0f4094fc214904a7eb436c4c0cedb7d3f28a420c73c9
                      • Opcode Fuzzy Hash: d530482c20395ca534d882194c65bf50274c25c98a1b2266e4be6c42f7418717
                      • Instruction Fuzzy Hash: 521123B2C003498FDB10DF9AC444A9EFBF8FF89310F14885AD419A7210D379A645CFA1
                      Function 0576FBD8 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                      Download Yara Rule
                      APIs
                      • GetModuleHandleW.KERNELBASE(00000000), ref: 0576FC3E
                      Memory Dump Source
                      • Source File: 00000008.00000002.4495799505.0000000005760000.00000040.00000800.00020000.00000000.sdmp, Offset: 05760000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_5760000_Quote List.jbxd
                      Similarity
                      • API ID: HandleModule
                      • String ID:
                      • API String ID: 4139908857-0
                      • Opcode ID: 2724768e6b0f4eaa0d1cd04249c6790e16d06f263aa7cee7ab42c3a897547b34
                      • Instruction ID: de9e1eeefbed4832f8eef8fb541e3d1d03a045e2141b2fd2b74da33954e88e34
                      • Opcode Fuzzy Hash: 2724768e6b0f4eaa0d1cd04249c6790e16d06f263aa7cee7ab42c3a897547b34
                      • Instruction Fuzzy Hash: 4B1110B6C002498FCB10DF9AD444ADEFBF4FF88310F10842AD929A7200C379A545CFA1
                      Function 069ECCD8 Relevance: 1.5, Strings: 1, Instructions: 249COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: $jq
                      • API String ID: 0-2886413773
                      • Opcode ID: f25dba8e784528dd50af2b36d39ebcc0c41e7b14545efad90607af1709763188
                      • Instruction ID: 1aa58ee8751812506b561c8ef6452a55baa0fdb8517cddffc5f4744b0e2f3a61
                      • Opcode Fuzzy Hash: f25dba8e784528dd50af2b36d39ebcc0c41e7b14545efad90607af1709763188
                      • Instruction Fuzzy Hash: 82A15B34A00205DFCB55DF68D884AAE7BF6AF88300F248469E856AB791DB35DD41CBA1
                      Function 069E8DA8 Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: 170ae2c7899923aa1f885900f06e88a17959f68b5ee338afda4670fb2fccd4cf
                      • Instruction ID: 0c84a9fc1a2ee81862d6ac1613cb5229bc30ebdd58ae30f089e0558624e78839
                      • Opcode Fuzzy Hash: 170ae2c7899923aa1f885900f06e88a17959f68b5ee338afda4670fb2fccd4cf
                      • Instruction Fuzzy Hash: E7518D71E002199FDB56DFA8C984AAEBBF6FF88300F14846AE915EB251D734DD44CB90
                      Function 069ED1C2 Relevance: 1.4, Strings: 1, Instructions: 136COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: f3106d24fbd8d20b3dea668c40ee20a0229da50427cd767d8e38cdde19d2f2a8
                      • Instruction ID: d3db2acaed79d48536c90c96861e7fe33566fcf12671279f148cb6697f8b4f76
                      • Opcode Fuzzy Hash: f3106d24fbd8d20b3dea668c40ee20a0229da50427cd767d8e38cdde19d2f2a8
                      • Instruction Fuzzy Hash: D551C475E002459FDB56CF68C980AAEBFF6BF89300F198069E9059B761C731ED49CB90
                      Function 069E8D98 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
                      Download Yara Rule
                      Strings
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID: @
                      • API String ID: 0-2766056989
                      • Opcode ID: c28018df6eec6f99cc0e33d43ed8453ac2e054f83ffa2e04e1a413e88285121e
                      • Instruction ID: 57f197011c4838883133335bb33f932ce15ebf38279e0bb2c832de6812735989
                      • Opcode Fuzzy Hash: c28018df6eec6f99cc0e33d43ed8453ac2e054f83ffa2e04e1a413e88285121e
                      • Instruction Fuzzy Hash: 4D21B431A002599FCB52DFA8C880EFFBBB9FF49310F14806AE514DB251D7349944CB90
                      Function 069E7B50 Relevance: .6, Instructions: 590COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 52d378ffc842a9b6f41920c8ad2897889772041cb961e5de5ee075e9a80d7dbf
                      • Instruction ID: 946020781400238fd344e53f7986ee11d770b1262e8dd3147a326af7a2504229
                      • Opcode Fuzzy Hash: 52d378ffc842a9b6f41920c8ad2897889772041cb961e5de5ee075e9a80d7dbf
                      • Instruction Fuzzy Hash: 9A423A30A00605CFCB65DFA8D58496ABBF6FF88300B15CA69D45A8BB66D734FC45CB90
                      Function 069EA708 Relevance: .5, Instructions: 540COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3ab03eee31f54bab57bc38e7f0e86de934ed272e0cea01134fed6eda9693980a
                      • Instruction ID: 9790ddc44c9654c3c97e0d1f04aeb93bc0f33ed6ebe26fbf76d92dcc8bfbcb5d
                      • Opcode Fuzzy Hash: 3ab03eee31f54bab57bc38e7f0e86de934ed272e0cea01134fed6eda9693980a
                      • Instruction Fuzzy Hash: 30323874A002099FCB55CF68C584E9EBBF6FF88310F1585A9E805AB765DB30ED85CB90
                      Function 069E9190 Relevance: .5, Instructions: 458COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3f9d17e5cc93aa53e60cbba0c5783b5553a5b1fdb302209f90c2b9d66fe34c3a
                      • Instruction ID: 8dbdcfee790c6c6ec3ad82144b38e69c6b46c45715657638ba29fbcd112d299c
                      • Opcode Fuzzy Hash: 3f9d17e5cc93aa53e60cbba0c5783b5553a5b1fdb302209f90c2b9d66fe34c3a
                      • Instruction Fuzzy Hash: C5124870A00204DFDB55DF68C594A6ABBFBBF88300F248469D916DB7A5DB35EC41CBA0
                      Function 069EFB80 Relevance: .5, Instructions: 453COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8e737d3922556bfe97a37a549389fdf064566468dfc24ac6b930f87d0f007696
                      • Instruction ID: bde63b307b3e4927407d041942a7269137192c85c7353abfea6b587552f826c9
                      • Opcode Fuzzy Hash: 8e737d3922556bfe97a37a549389fdf064566468dfc24ac6b930f87d0f007696
                      • Instruction Fuzzy Hash: AF51AF30B002049FDB44DF68D844B59BBE6FF88310F218269E9099F3DADB75D885CBA1
                      Function 069E6C18 Relevance: .3, Instructions: 279COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 31a00e835a954844715da0a8db82f4f2bff40c04c5d681dff2e418139291a510
                      • Instruction ID: 26c2106802d9024be86797953c52cccaaaad3308b7d5ade6df3ec9412013a8ba
                      • Opcode Fuzzy Hash: 31a00e835a954844715da0a8db82f4f2bff40c04c5d681dff2e418139291a510
                      • Instruction Fuzzy Hash: 2FB18131604740CFD7A2CF29C988B65BBEAEF51314F5884A9D4498FAA2D778FC85CB50
                      Function 069EDBD0 Relevance: .2, Instructions: 215COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6961ccb7c322512f52a93f4a4d06d305bcb0c1587bd74ad7d3b963e324683b25
                      • Instruction ID: 5fc6970d4c0af2e2071f6162dcdc19c46f0f2e8eb07c9b9a00305349453136c4
                      • Opcode Fuzzy Hash: 6961ccb7c322512f52a93f4a4d06d305bcb0c1587bd74ad7d3b963e324683b25
                      • Instruction Fuzzy Hash: 3371F335B042019FCB86DB78D85097ABBF6EFC525071485BAC41ACBB56DB34DC09CBA1
                      Function 069EFB47 Relevance: .2, Instructions: 161COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 53b39bd986b51e1b61bfd37c504f32e8770dedd340cedfe4fff2527adb177d79
                      • Instruction ID: 306ecf0f439fe1003a47dd9835a59ac142b2e13a84374c8f2d5d94f3c8c34757
                      • Opcode Fuzzy Hash: 53b39bd986b51e1b61bfd37c504f32e8770dedd340cedfe4fff2527adb177d79
                      • Instruction Fuzzy Hash: 3C51D370A002009FDB01DF78D894B99BBF5FF85310F25826AE9099F39ADB75D885CB90
                      Function 069EF128 Relevance: .2, Instructions: 153COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 12ddc0a893db43402d3a09229e35e60f98c43a9d01c0246febba4f113fed87f1
                      • Instruction ID: 90901dcaa2306fbc1fe1a9739f85c6b2f00840882da79c29b27c62d600fc48da
                      • Opcode Fuzzy Hash: 12ddc0a893db43402d3a09229e35e60f98c43a9d01c0246febba4f113fed87f1
                      • Instruction Fuzzy Hash: 35512974A002058FCB49DF68D58099DF7F6EF88320B15C666E815AB36ADB30ED45CBA0
                      Function 069E61C0 Relevance: .1, Instructions: 139COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7a115bca7170d22d4c31f38d8bc1ee3f41b94a11d1df2a519e592ec57d97fee8
                      • Instruction ID: fbe05e008ebb992cca5180ab9c7a28161a0a0e7464a0bc896184ed5ca1237704
                      • Opcode Fuzzy Hash: 7a115bca7170d22d4c31f38d8bc1ee3f41b94a11d1df2a519e592ec57d97fee8
                      • Instruction Fuzzy Hash: 26510175E006089FDB25CFA9C884A9EFBF2BF48300F15856AE849AB761D774E845CF40
                      Function 069EEAB0 Relevance: .1, Instructions: 128COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2b1145779a7dcc403e883ea7abec90f162d1051ccec8f5f60ae1f11f4b6db244
                      • Instruction ID: 1cc4d804e1ef873a59738df58df87900e65dd1b9e8f314e48020a1edb42cac16
                      • Opcode Fuzzy Hash: 2b1145779a7dcc403e883ea7abec90f162d1051ccec8f5f60ae1f11f4b6db244
                      • Instruction Fuzzy Hash: 60418D71E002199FDB55DFA5C980AEEFBB6BF98700F248129E405B7750EB70A946CB90
                      Function 069EAF88 Relevance: .1, Instructions: 119COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 804b55f93e0ae0e87f7db661514c5fd8a6175117ec61b527bfefb0a24cf16d49
                      • Instruction ID: 6bd1e1a80699c5171afca6891a5d7ada69ee0730db3b5208b9735925a61d146c
                      • Opcode Fuzzy Hash: 804b55f93e0ae0e87f7db661514c5fd8a6175117ec61b527bfefb0a24cf16d49
                      • Instruction Fuzzy Hash: 6C415C347006049FC795CF69C684E2AB7FAFF88211B1545A9E15ACBB7ACB71EC40CB80
                      Function 069EB468 Relevance: .1, Instructions: 109COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: baae3416e5db8e45b93bafc1ce25811869327f2cea46022571d894196d0b205d
                      • Instruction ID: a11b889d5a2fd02560dd57ba1b4813fd9cbde982bd4cfa5d531586763b57de9e
                      • Opcode Fuzzy Hash: baae3416e5db8e45b93bafc1ce25811869327f2cea46022571d894196d0b205d
                      • Instruction Fuzzy Hash: 5231CD34B002158FCB88EF74DA5557E7BF6AF88300714846AD90ADBAA5EE308C01CBA1
                      Function 069EF4A8 Relevance: .1, Instructions: 104COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b7fabda557458d508822253578a1e336823faa0fa41b35a63f010e5bd88c4a2b
                      • Instruction ID: a9e9a1e54c23b2ea5f1e3a676fc8c9a87394eeed19e46a5f708ddcc59c3d0205
                      • Opcode Fuzzy Hash: b7fabda557458d508822253578a1e336823faa0fa41b35a63f010e5bd88c4a2b
                      • Instruction Fuzzy Hash: 2F412934B002058FCB05DF69D588A7EBBFAFF88315B14856AE909DB365DB349D05CB90
                      Function 069EF117 Relevance: .1, Instructions: 95COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c0cfbddb7a29128dffee02dbd0c0209518819bfff0dd88ec672bb5e24de07ef9
                      • Instruction ID: ef9f4cdfede90f47b0a71834a82a655f6ac8d40fe249776f4c422e176e9d821e
                      • Opcode Fuzzy Hash: c0cfbddb7a29128dffee02dbd0c0209518819bfff0dd88ec672bb5e24de07ef9
                      • Instruction Fuzzy Hash: 9931B075E102068FCB49DB68D4509DEFBF6EF88310B15C66AD811AB365DB70D906CB90
                      Function 00DDD054 Relevance: .1, Instructions: 77COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4490764640.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_ddd000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 11abe657cfd677f5a629e20e4cb27134b42a1249f4dc2b96f95af51bd43ebedf
                      • Instruction ID: d94e1a6745977f10d2c24d22abfa568a06531e0f2822d74888680c25dd600db9
                      • Opcode Fuzzy Hash: 11abe657cfd677f5a629e20e4cb27134b42a1249f4dc2b96f95af51bd43ebedf
                      • Instruction Fuzzy Hash: 2021B271544240DFCF159F54D9C0F26BF66FB88314F24C66AEA490A356C33AD816DBB1
                      Function 069E87C0 Relevance: .1, Instructions: 76COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c7c4148ec2b0208237e0140a100d86901ba4bd17ef6dc8d8654580d343aed5e4
                      • Instruction ID: ffd98e58c813f7aff53cab3efa4ad8b52e94bcbc44fac45eb1982e81c7f8ea82
                      • Opcode Fuzzy Hash: c7c4148ec2b0208237e0140a100d86901ba4bd17ef6dc8d8654580d343aed5e4
                      • Instruction Fuzzy Hash: 1221E070A043418FC762CB64C640BA6FFF9EF41220F1985A6D498CBA52E378E945CB90
                      Function 069E7B40 Relevance: .1, Instructions: 74COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7c6d88ef8961a2ce3abc05948549e225e7ecd6c351c8edd7fc6ec08b31a4d846
                      • Instruction ID: 2182eb674c5c7a8bcd0144bb931cb45b5e4f99a3063f2d654754acc0bf7aee47
                      • Opcode Fuzzy Hash: 7c6d88ef8961a2ce3abc05948549e225e7ecd6c351c8edd7fc6ec08b31a4d846
                      • Instruction Fuzzy Hash: CE218E31B006409FC726CF69C945996BBFAFF49210B0AC59AE445CB662DB34EC44CB91
                      Function 069EB459 Relevance: .1, Instructions: 73COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 677e7c1190d795be5c9d6f1b43bd48aa0128a56b789e6dd8d7246face401131c
                      • Instruction ID: 94f40efe3c79ad56dabee5a68885c7a4fbe9a4e40e939cdd5927453da445209a
                      • Opcode Fuzzy Hash: 677e7c1190d795be5c9d6f1b43bd48aa0128a56b789e6dd8d7246face401131c
                      • Instruction Fuzzy Hash: B5219F75B001158FCB88EF65DA8156EBBF6EF88300B14416AC95ADBA65EB309D01CBD0
                      Function 00DED488 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4490812677.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_ded000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 077fa4f27f6169f394fac02c755d71a544e57080f12c1c9980b3fd9979dbf660
                      • Instruction ID: 43d4ad6db6f2d7f0d90a0eb4a692202955c354f77a0a68dff03850df913769f3
                      • Opcode Fuzzy Hash: 077fa4f27f6169f394fac02c755d71a544e57080f12c1c9980b3fd9979dbf660
                      • Instruction Fuzzy Hash: 59210471504284DFCB05EF15D5C0B26BB66FB95318F24C9ADE8494B396C73AD806CB71
                      Function 069EECA0 Relevance: .1, Instructions: 70COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 02413f6e7aa97f8231a37520a6352be584112071934a21d8df2ed2f200000d6f
                      • Instruction ID: 805d24431063718165c988791bd12bbd5e550219d20beb583338002dddee0a4e
                      • Opcode Fuzzy Hash: 02413f6e7aa97f8231a37520a6352be584112071934a21d8df2ed2f200000d6f
                      • Instruction Fuzzy Hash: 5C11E9317082941FCB465F7888515AF7FE6DFCA21070545AAE506C7392DE388D46C7A2
                      Function 069E9960 Relevance: .1, Instructions: 65COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b9d0e169dcaa1f0baf6f5c7ee5f76bf3f813327a7496479cbab4fe06780da6b9
                      • Instruction ID: a07e0e8d32a6c1c58dbb06824db4bbd28299a9bd5cb145c7a695b419dc994494
                      • Opcode Fuzzy Hash: b9d0e169dcaa1f0baf6f5c7ee5f76bf3f813327a7496479cbab4fe06780da6b9
                      • Instruction Fuzzy Hash: FB1104316042569FCB02DBF8D8540EEBFB6EFC931071440ABD585D7256D6348907C7A1
                      Function 069EAF78 Relevance: .1, Instructions: 59COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f349d13007aa8b3f273e2743d07275c7350ec152af3183948da7220269caa4e6
                      • Instruction ID: d5259f52ffa71255c6eb6856dc9729cdff7b2e9a5551a094726c92813f97fbd6
                      • Opcode Fuzzy Hash: f349d13007aa8b3f273e2743d07275c7350ec152af3183948da7220269caa4e6
                      • Instruction Fuzzy Hash: 3F11A3312086408FC756CB2DD994D2ABBFAFF89224715099AE15ACBB75D731EC41CB50
                      Function 00DDD04F Relevance: .1, Instructions: 58COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4490764640.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_ddd000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
                      • Instruction ID: 36bd62a088b1198b8e2114f2d48678902978d7d6f367dced94f561812eff5a82
                      • Opcode Fuzzy Hash: b4df52cb15700b59c5b6b401fa95ea1d4e97f6e18881beb99e30f99f1fcf6035
                      • Instruction Fuzzy Hash: 2421A276504280DFCF16CF10D9C4B16BF72FB88314F28C6AAD9490B256C33AD416DBA1
                      Function 069EEFF7 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c29de919812d191275d9f3da59203b921f5fea4620ca7a671d7e00196c26741d
                      • Instruction ID: 881e99167241b134d15510b9705221a2dd72de13b9dd724df2c0c26c784ec0b4
                      • Opcode Fuzzy Hash: c29de919812d191275d9f3da59203b921f5fea4620ca7a671d7e00196c26741d
                      • Instruction Fuzzy Hash: 6111A532D1034AABCB05DFB9E8504DDFBB5EF8A310B158617E520BB261EB712507CB61
                      Function 069EEF4A Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bb28a50a9eb9d9de38d32c06d941befc143ff7cb8f8f4286e8aef378a2846efd
                      • Instruction ID: b02d191252f7555d29271c5abfd520770ffe92e35866c8506752bf656dfb4ddf
                      • Opcode Fuzzy Hash: bb28a50a9eb9d9de38d32c06d941befc143ff7cb8f8f4286e8aef378a2846efd
                      • Instruction Fuzzy Hash: 8E2167B6800249DFCB10CF99C945BDEBFF4EF48320F24841AE918A7250D339A590DFA5
                      Function 069EE868 Relevance: .1, Instructions: 55COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fbdb1ece2db9305bc7705ea22769c0a6d07a087a24ad627fa738d01d39e3f05f
                      • Instruction ID: 84b295eac6796649e8ae1aa9992ed2113a665babf890cc4be496ee95e1d2c7a1
                      • Opcode Fuzzy Hash: fbdb1ece2db9305bc7705ea22769c0a6d07a087a24ad627fa738d01d39e3f05f
                      • Instruction Fuzzy Hash: D11159B6800249DFCB10CF99D904BEEBFF4EB48310F108819E618A7650C339A954DFA4
                      Function 00DED483 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4490812677.0000000000DED000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DED000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_ded000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                      • Instruction ID: 0b25ffee1c8922c37a14c28a6adaebe5f68030887857ca2ebfa12f472e5fe251
                      • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                      • Instruction Fuzzy Hash: 9F11DD75504280CFCB02DF14D5C4B15BFB2FB85318F28CAAAD8494B296C33AD80ACB62
                      Function 069E9989 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e45c242e12a54a8ea0d2218353dae2946b9f47f755a4370b5e70fa04678755cd
                      • Instruction ID: 55d27e426ae33880b5ebf16c13ce150bcf4c3d3d2e0692323438e52ac47f27fd
                      • Opcode Fuzzy Hash: e45c242e12a54a8ea0d2218353dae2946b9f47f755a4370b5e70fa04678755cd
                      • Instruction Fuzzy Hash: 0411C431A041569FCB06DBB8D8544AEBFF6FF89310724446BE645D7251D7348902CBA1
                      Function 069E9998 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9c9883b59a613b7cb20b975aec4ebf2eefa7d2d367f1c98cfdf367add9295285
                      • Instruction ID: bed0aaff64c2533f59f55f9542b4825799b4f50e7ccd8535e26d7441f6fd6490
                      • Opcode Fuzzy Hash: 9c9883b59a613b7cb20b975aec4ebf2eefa7d2d367f1c98cfdf367add9295285
                      • Instruction Fuzzy Hash: A201617560011A9FCB45DFA8D9448AEBBFAFB88210710852AEA05DB210D7349901CBE1
                      Function 069ED128 Relevance: .0, Instructions: 50COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5690afd2905573cd2f98bf28ccec23257931f774b7d0438370477c1d8e6fe113
                      • Instruction ID: cdd772dc2e661a68c65af12af6875372218e74d351ad31952a790a10ae5b7743
                      • Opcode Fuzzy Hash: 5690afd2905573cd2f98bf28ccec23257931f774b7d0438370477c1d8e6fe113
                      • Instruction Fuzzy Hash: 1201D431744380AFC7969B68DC50E6F7BB69FC6210F14805BE5548B685CA31DC06C3E1
                      Function 069EF008 Relevance: .0, Instructions: 47COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6598943346a8e796b911c8647f11b3da09a61f5f3f6c91deaceb6d42bb96c7a6
                      • Instruction ID: 0bde5ed3c58004d49c0d1ccb0f752d231a6ed9ca39af2bd04f647d71c5549f03
                      • Opcode Fuzzy Hash: 6598943346a8e796b911c8647f11b3da09a61f5f3f6c91deaceb6d42bb96c7a6
                      • Instruction Fuzzy Hash: 29015232E1060A9BCB04DFA9D8404DDF7B9EFC9710F118717E921B7260EB7125468B60
                      Function 069EC6B8 Relevance: .0, Instructions: 46COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d0ca0a17d79d3bdf2c479937469b4b8951348f1e1bcd673c635a245399d5b55c
                      • Instruction ID: e03f089b782fcf8defaf2b6fcad3d652181a5f95b797e29d2f08f8ed649ef526
                      • Opcode Fuzzy Hash: d0ca0a17d79d3bdf2c479937469b4b8951348f1e1bcd673c635a245399d5b55c
                      • Instruction Fuzzy Hash: C5F0A432704215AF5B51DE59EC408BFB7EEFFC8660314812AE514D7700DB71D80587A0
                      Function 00DDD149 Relevance: .0, Instructions: 45COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4490764640.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_ddd000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c99024f7d30d26e69fd5936b5f79cc5923022ad04fd4d9c82316b7724d3cc2f2
                      • Instruction ID: 8b78175f655c1cbfd255d4c1448c10753a9e085bce53aab792c30a3a69c3db8e
                      • Opcode Fuzzy Hash: c99024f7d30d26e69fd5936b5f79cc5923022ad04fd4d9c82316b7724d3cc2f2
                      • Instruction Fuzzy Hash: 2101F271004300AAEB208A1ACD84B67BF9DEF46320F28C52BED480A386C2399C41CAB1
                      Function 069EF098 Relevance: .0, Instructions: 41COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 85c4c847212dc4c52258509703828484df3cd12e7847f42086d75e334d05059d
                      • Instruction ID: b6c4cfd2f141f715f6da94e71fd7e899df563bd96a3a9b1f56d84ba056c1f957
                      • Opcode Fuzzy Hash: 85c4c847212dc4c52258509703828484df3cd12e7847f42086d75e334d05059d
                      • Instruction Fuzzy Hash: 4FF0F67290428AABDB16CB74C4655EFBFB69F45300F588466D182AB251EE705A07C7C1
                      Function 00DDD148 Relevance: .0, Instructions: 36COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4490764640.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_ddd000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: fea878af6b79d8bafabb7c07129742e4f3d5b3bd56c31acad28f681c0b272731
                      • Instruction ID: ba403fb678b18c042faf8966595cf76a7e1e46799be6372810dca8990145072c
                      • Opcode Fuzzy Hash: fea878af6b79d8bafabb7c07129742e4f3d5b3bd56c31acad28f681c0b272731
                      • Instruction Fuzzy Hash: 12F096714043449EFB208A1ADC84B66FFA8EF55734F18C55BED484B386C2799C45CAB1
                      Function 069EF498 Relevance: .0, Instructions: 34COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c41cd4e5b203055bebc342648db708ec91cfd4e24e0dd5af62808e72c5d13900
                      • Instruction ID: 008c4d7b467abed5a7fd27a1fb796ec4d352dc804ffb261d88541038bfcbcc4a
                      • Opcode Fuzzy Hash: c41cd4e5b203055bebc342648db708ec91cfd4e24e0dd5af62808e72c5d13900
                      • Instruction Fuzzy Hash: 09F02B7AA001808FC711DF58E8498AFBFF8FFC5350704815BE808C7302D33469018B91
                      Function 069E6C08 Relevance: .0, Instructions: 33COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3b2717841a32b5b89cea8904a63e3ca9fb103c77efb9ab8520109c474e1397ae
                      • Instruction ID: 3ce3c2f033ccbb2c82aab397db14d25fed7ad202d7df78c5333c84c1b1d232d7
                      • Opcode Fuzzy Hash: 3b2717841a32b5b89cea8904a63e3ca9fb103c77efb9ab8520109c474e1397ae
                      • Instruction Fuzzy Hash: C4F0277230C3504FDB61826AAD45A23BBECDF81260B1440BFF149C2182E529D801CB20
                      Function 069EF0A8 Relevance: .0, Instructions: 32COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c36bbe41429f7598c7d962a6e16373e96cc8d16331f1cd08a30f160f6e8fd7ce
                      • Instruction ID: 41d2e1a8a3e73ca0e5af9b93a41648d52e50944a14717bda99104ed2547897a3
                      • Opcode Fuzzy Hash: c36bbe41429f7598c7d962a6e16373e96cc8d16331f1cd08a30f160f6e8fd7ce
                      • Instruction Fuzzy Hash: 91F0A772E102499BDF16DB64C5159EFBBBAAF84300F45882AD502B7390DE746906C7C1
                      Function 069ED138 Relevance: .0, Instructions: 31COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 40074cfce3d9d3cdcb3e0737dc74182145684b1fa81530b139e3358188e18ef4
                      • Instruction ID: e3d9fd3d3fdbc89ccc075cfd8b3edfb03e72507d269f0581fd9f0a875dbe460d
                      • Opcode Fuzzy Hash: 40074cfce3d9d3cdcb3e0737dc74182145684b1fa81530b139e3358188e18ef4
                      • Instruction Fuzzy Hash: 3AF01C35340204AFC755DA69D850E6BB7AAEBC8710B15C52AF9098B758CA72EC0287E1
                      Function 069EF2D3 Relevance: .0, Instructions: 28COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5ab6c0c35574859fc374532222d1b501099cc3c1e5daae68e9d01fc28ffc381a
                      • Instruction ID: 0aca49833a938ec6e88c91a66d6d0cee7e4ab7e3d90722eaf115f72361d0233f
                      • Opcode Fuzzy Hash: 5ab6c0c35574859fc374532222d1b501099cc3c1e5daae68e9d01fc28ffc381a
                      • Instruction Fuzzy Hash: 56F0B734A241058FCB48CF68D49489DF7B5EF88320715C6AAD819AB366C770E941CF90
                      Function 069EF2FC Relevance: .0, Instructions: 18COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 00000008.00000002.4499173863.00000000069E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 069E0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_8_2_69e0000_Quote List.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9060f3fe7a003dd1dd7825b5e11e539f4733f9da7ede1eb7675397d0d92cb8aa
                      • Instruction ID: 5b80a99b7bd7bc831a54247a510e19678b168d8cbc350eb7ca896291614aca30
                      • Opcode Fuzzy Hash: 9060f3fe7a003dd1dd7825b5e11e539f4733f9da7ede1eb7675397d0d92cb8aa
                      • Instruction Fuzzy Hash: 31D05B71F542454FCB889FBDA4104DCB7A0DBC423431182BBD42AD7267D774C5118B61