Windows Analysis Report RFQ_GGMC-Ref 12-01-2022.exe

Overview

General Information

Sample Name: RFQ_GGMC-Ref 12-01-2022.exe
Analysis ID: 551470
MD5: 9fd45110bad75cda6de67232014aeb6e
SHA1: a43016fa816afd1693fb7f266dd032fd7f061c35
SHA256: b586ca95ba9557f7ad2434d01f96ff191b77541670894df3b78aa3a8312ae092
Tags: AsyncRAT, exe

Detection

AgentTesla AsyncRAT Nanocore
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected Telegram RAT
Yara detected AgentTesla
Yara detected AntiVM3
Yara detected AsyncRAT
Yara detected Nanocore RAT
Sigma detected: Suspicious Script Execution From Temp Folder
Bypasses PowerShell execution policy
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Yara detected Costura Assembly Loader
Sigma detected: Suspicius Add Task From User AppData Temp
Suspicious powershell command line found
.NET source code contains potential unpacker
Sigma detected: Powershell Defender Exclusion
.NET source code contains method to dynamically call methods (often used by packers)
Adds a directory exclusion to Windows Defender
Uses schtasks.exe or at.exe to add and modify task schedules
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
Contains long sleeps (>= 3 min)
Enables debug privileges
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Creates a process in suspended mode (likely to inject code)

Process Tree

  • System is w10x64
  • RFQ_GGMC-Ref 12-01-2022.exe (PID: 6964 cmdline: "C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe" MD5: 9FD45110BAD75CDA6DE67232014AEB6E)
    • powershell.exe (PID: 6080 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 6136 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmp71CD.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 5800 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • RFQ_GGMC-Ref 12-01-2022.exe (PID: 7000 cmdline: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe MD5: 9FD45110BAD75CDA6DE67232014AEB6E)
    • RFQ_GGMC-Ref 12-01-2022.exe (PID: 6948 cmdline: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe MD5: 9FD45110BAD75CDA6DE67232014AEB6E)
      • cmd.exe (PID: 5684 cmdline: "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "mozille" /tr '"C:\Users\user\AppData\Local\Temp\mozille.exe"' & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 5852 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • schtasks.exe (PID: 5580 cmdline: schtasks /create /f /sc onlogon /rl highest /tn "mozille" /tr '"C:\Users\user\AppData\Local\Temp\mozille.exe"' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • cmd.exe (PID: 3868 cmdline: C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpB8D1.tmp.bat"" MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6276 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • conhost.exe (PID: 2532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • timeout.exe (PID: 2292 cmdline: timeout 3 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)
        • mozille.exe (PID: 6564 cmdline: "C:\Users\user\AppData\Local\Temp\mozille.exe" MD5: 9FD45110BAD75CDA6DE67232014AEB6E)
          • powershell.exe (PID: 5452 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
  • mozille.exe (PID: 6316 cmdline: C:\Users\user\AppData\Local\Temp\mozille.exe MD5: 9FD45110BAD75CDA6DE67232014AEB6E)
    • powershell.exe (PID: 5400 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 5824 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • schtasks.exe (PID: 5192 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmpCDE7.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6444 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • mozille.exe (PID: 6620 cmdline: C:\Users\user\AppData\Local\Temp\mozille.exe MD5: 9FD45110BAD75CDA6DE67232014AEB6E)
      • cmd.exe (PID: 5000 cmdline: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"' & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6876 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • powershell.exe (PID: 5648 cmdline: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
          • jzhlgt.exe (PID: 6500 cmdline: "C:\Users\user\AppData\Local\Temp\jzhlgt.exe" MD5: 76F7AB6A302E47D7F7FDB4EA2540323E)
            • jzhlgt.exe (PID: 5964 cmdline: C:\Users\user\AppData\Local\Temp\jzhlgt.exe MD5: 76F7AB6A302E47D7F7FDB4EA2540323E)
            • jzhlgt.exe (PID: 3076 cmdline: C:\Users\user\AppData\Local\Temp\jzhlgt.exe MD5: 76F7AB6A302E47D7F7FDB4EA2540323E)
      • cmd.exe (PID: 3312 cmdline: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\dlliok.exe"' & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)
        • conhost.exe (PID: 6856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • powershell.exe (PID: 4636 cmdline: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\dlliok.exe"' MD5: DBA3E6449E97D4E3DF64527EF7012A10)
          • dlliok.exe (PID: 2804 cmdline: "C:\Users\user\AppData\Local\Temp\dlliok.exe" MD5: 8B4D4FC3E962F26A4C74120F33BB7460)
            • powershell.exe (PID: 6276 cmdline: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\pLrWNKFD.exe MD5: DBA3E6449E97D4E3DF64527EF7012A10)
            • schtasks.exe (PID: 4872 cmdline: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pLrWNKFD" /XML "C:\Users\user\AppData\Local\Temp\tmp9C7F.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
              • conhost.exe (PID: 4740 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
            • dlliok.exe (PID: 1316 cmdline: C:\Users\user\AppData\Local\Temp\dlliok.exe MD5: 8B4D4FC3E962F26A4C74120F33BB7460)
              • schtasks.exe (PID: 4412 cmdline: schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmpAD4.tmp MD5: 15FF7D8324231381BAD48A052F85DF04)
                • conhost.exe (PID: 6124 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • dlliok.exe (PID: 6844 cmdline: C:\Users\user\AppData\Local\Temp\dlliok.exe 0 MD5: 8B4D4FC3E962F26A4C74120F33BB7460)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Memory Dumps

Source: 00000028.00000002.578366682.0000000005520000.00000004.00020000.sdmp, Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Author: Florian Roth, Strings:
  • 0xe75:$x1: NanoCore.ClientPluginHost
  • 0xe8f:$x2: IClientNetworkHost
Source: 00000028.00000002.578366682.0000000005520000.00000004.00020000.sdmp, Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Author: Florian Roth, Strings:
  • 0xe75:$x2: NanoCore.ClientPluginHost
  • 0x1261:$s3: PipeExists
  • 0x1136:$s4: PipeCreated
  • 0xeb0:$s5: IClientLoggingHost
Source: 0000001D.00000000.485797688.0000000000402000.00000040.00000001.sdmp, Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Author: Joe Security
Source: 0000001D.00000000.485797688.0000000000402000.00000040.00000001.sdmp, Rule: JoeSecurity_AgentTesla_2, Description: Yara detected AgentTesla, Author: Joe Security
Source: 00000015.00000002.564363154.0000000000402000.00000040.00000001.sdmp, Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Author: Joe Security

Unpacked PEs

Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.10.unpack, Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Author: Joe Security
Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.4.unpack, Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Author: Joe Security
Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.6.unpack, Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Author: Joe Security
Source: 7.2.RFQ_GGMC-Ref 12-01-2022.exe.400000.0.unpack, Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Author: Joe Security
Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.12.unpack, Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Author: Joe Security

Sigma Overview

System Summary:

Sigma detected: Suspicious Script Execution From Temp Folder
Source: Process started, Author: Florian Roth, Max Altgelt, Data: Command: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"' , CommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"' , CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"' & exit, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 5000, ProcessCommandLine: powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"' , ProcessId: 5648
Sigma detected: Suspicius Add Task From User AppData Temp
Source: Process started, Author: frack113, Data: Command: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmp71CD.tmp, CommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmp71CD.tmp, CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe" , ParentImage: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe, ParentProcessId: 6964, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmp71CD.tmp, ProcessId: 6136
Sigma detected: Powershell Defender Exclusion
Source: Process started, Author: Florian Roth, Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe" , ParentImage: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe, ParentProcessId: 6964, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe, ProcessId: 6080
Sigma detected: Non Interactive PowerShell
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe, CommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe, CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe" , ParentImage: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe, ParentProcessId: 6964, ProcessCommandLine: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe, ProcessId: 6080
Sigma detected: T1086 PowerShell Execution
Source: Pipe created, Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research), Data: PipeName: \PSHost.132864805308084968.6080.DefaultAppDomain.powershell

Jbx Signature Overview

AV Detection:

Multi AV Scanner detection for submitted file
Source: RFQ_GGMC-Ref 12-01-2022.exe, Virustotal: Detection: 26%
Yara detected Nanocore RAT
Source: Yara match, File source: 00000028.00000000.532162937.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000000.533503527.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000002.575326002.0000000003B89000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000000.534610587.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000000.531340924.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000002.578385897.0000000005530000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match, File source: 00000021.00000002.539866646.00000000043B9000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000002.564500309.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match, File source: 00000028.00000002.572373638.0000000002B81000.00000004.00000001.sdmp, type: MEMORY
Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.4.unpack, Avira: Label: TR/Dropper.Gen
Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.10.unpack, Avira: Label: TR/Dropper.Gen
Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.6.unpack, Avira: Label: TR/Dropper.Gen
Source: 7.2.RFQ_GGMC-Ref 12-01-2022.exe.400000.0.unpack, Avira: Label: TR/Dropper.Gen
Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.12.unpack, Avira: Label: TR/Dropper.Gen
Source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.8.unpack, Avira: Label: TR/Dropper.Gen
Source: RFQ_GGMC-Ref 12-01-2022.exe, Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
Source: RFQ_GGMC-Ref 12-01-2022.exe, Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: IDescriptionMetadataEnt.pdb source: mozille.exe, mozille.exe, 0000000F.00000000.372058011.0000000000F12000.00000002.00020000.sdmp

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic, Snort IDS: 2030673 ET TROJAN Observed Malicious SSL Cert (AsyncRAT Server) 89.238.150.43:5512 -> 192.168.2.3:49720
Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49729 -> 89.238.150.43:5512
Source: Traffic, Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49730 -> 89.238.150.43:5512
Source: global traffic, TCP traffic: 192.168.2.3:49720 -> 89.238.150.43:5512
Source: unknown, TCP traffic detected without corresponding DNS query: 89.238.150.43
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000000.294283178.0000000000392000.00000002.00020000.sdmp, RFQ_GGMC-Ref 12-01-2022.exe, 00000005.00000000.327586416.0000000000162000.00000002.00020000.sdmp, RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000000.333928558.0000000000582000.00000002.00020000.sdmp, RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000002.361685768.0000000003B04000.00000004.00000001.sdmp, mozille.exe, 0000000E.00000000.362803086.0000000000262000.00000002.00020000.sdmp, mozille.exe, 0000000F.00000000.372058011.0000000000F12000.00000002.00020000.sdmpString found in binary or memory: https://sourceforge.net/project/showfiles.php?group_id=181663Mhttp://igaeditor.sourceforge.net/wiki/
                  Source: mozille.exeString found in binary or memory: https://sourceforge.net/svn/?group_id=181663

                  Key, Mouse, Clipboard, Microphone and Screen Capturing:

                  Yara detected AsyncRAT
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000002.337721695.0000000000A48000.00000004.00000020.sdmp Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

                  E-Banking Fraud:

                  Yara detected Nanocore RAT

                  System Summary:

                  Malicious sample detected (through community Yara rule)
                  Source: RFQ_GGMC-Ref 12-01-2022.exe Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                  Source: 00000028.00000002.578366682.0000000005520000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                  Source: 00000028.00000002.578366682.0000000005520000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 00000028.00000000.532162937.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                  Source: 00000028.00000000.532162937.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
                  Source: 00000028.00000000.533503527.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                  Source: 00000028.00000000.533503527.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
                  Source: 00000028.00000002.575326002.0000000003B89000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
                  Source: 00000028.00000000.534610587.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                  Source: 00000028.00000000.534610587.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
                  Source: 00000028.00000000.531340924.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                  Source: 00000028.00000000.531340924.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
                  Source: 00000028.00000002.578385897.0000000005530000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                  Source: 00000028.00000002.578385897.0000000005530000.00000004.00020000.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE
                  Source: 00000021.00000002.539866646.00000000043B9000.00000004.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                  Source: 00000021.00000002.539866646.00000000043B9000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
                  Source: 00000028.00000002.564500309.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
                  Source: 00000028.00000002.564500309.0000000000402000.00000040.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
                  Source: 00000028.00000002.572373638.0000000002B81000.00000004.00000001.sdmp, type: MEMORYMatched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000002.337279816.000000000041E000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameIDescriptionMetadataEnt.exeH vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000002.338424053.0000000002701000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameStub.exe" vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000002.337721695.0000000000A48000.00000004.00000020.sdmp Binary or memory string: OriginalFilenameclr.dllT vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000002.338715728.0000000003709000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameUI.dllF vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000005.00000002.328182607.00000000001EE000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameIDescriptionMetadataEnt.exeH vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000000.333072613.000000000060E000.00000002.00020000.sdmp Binary or memory string: OriginalFilenameIDescriptionMetadataEnt.exeH vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000000.334476834.000000000040E000.00000040.00000001.sdmp Binary or memory string: OriginalFilenameStub.exe" vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000002.361685768.0000000003B04000.00000004.00000001.sdmp Binary or memory string: OriginalFilenameIDescriptionMetadataEnt.exeH vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000002.360214785.0000000000CEA000.00000004.00000020.sdmp Binary or memory string: OriginalFilenameclr.dllT vs RFQ_GGMC-Ref 12-01-2022.exe
                  Source: RFQ_GGMC-Ref 12-01-2022.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: lhWbLvHNlciwu.exe.0.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                  Source: RFQ_GGMC-Ref 12-01-2022.exe Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: lhWbLvHNlciwu.exe.0.dr Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                  Source: RFQ_GGMC-Ref 12-01-2022.exe Virustotal: Detection: 26%
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe File read: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknown Process created: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe "C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe"
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmp71CD.tmp
                  Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "mozille" /tr '"C:\Users\user\AppData\Local\Temp\mozille.exe"' & exit
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpB8D1.tmp.bat""
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "mozille" /tr '"C:\Users\user\AppData\Local\Temp\mozille.exe"'
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 3
                  Source: unknown Process created: C:\Users\user\AppData\Local\Temp\mozille.exe C:\Users\user\AppData\Local\Temp\mozille.exe
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\mozille.exe "C:\Users\user\AppData\Local\Temp\mozille.exe"
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmpCDE7.tmp
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Users\user\AppData\Local\Temp\mozille.exe C:\Users\user\AppData\Local\Temp\mozille.exe
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"' & exit
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"'
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\jzhlgt.exe "C:\Users\user\AppData\Local\Temp\jzhlgt.exe"
                  Source: C:\Users\user\AppData\Local\Temp\jzhlgt.exe Process created: C:\Users\user\AppData\Local\Temp\jzhlgt.exe C:\Users\user\AppData\Local\Temp\jzhlgt.exe
                  Source: C:\Users\user\AppData\Local\Temp\jzhlgt.exe Process created: C:\Users\user\AppData\Local\Temp\jzhlgt.exe C:\Users\user\AppData\Local\Temp\jzhlgt.exe
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c start /b powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\dlliok.exe"' & exit
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\dlliok.exe"'
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Users\user\AppData\Local\Temp\dlliok.exe "C:\Users\user\AppData\Local\Temp\dlliok.exe"
                  Source: C:\Users\user\AppData\Local\Temp\dlliok.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\pLrWNKFD.exe
                  Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\dlliok.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\pLrWNKFD" /XML "C:\Users\user\AppData\Local\Temp\tmp9C7F.tmp
                  Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\dlliok.exe Process created: C:\Users\user\AppData\Local\Temp\dlliok.exe C:\Users\user\AppData\Local\Temp\dlliok.exe
                  Source: C:\Users\user\AppData\Local\Temp\dlliok.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks.exe" /create /f /tn "DHCP Monitor" /xml "C:\Users\user\AppData\Local\Temp\tmpAD4.tmp
                  Source: C:\Windows\SysWOW64\schtasks.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknown Process created: C:\Users\user\AppData\Local\Temp\dlliok.exe C:\Users\user\AppData\Local\Temp\dlliok.exe 0
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeFile created: C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeFile created: C:\Users\user\AppData\Local\Temp\tmp71CD.tmp
                  Source: classification engineClassification label: mal100.troj.evad.winEXE@53/16@0/1
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeFile read: C:\Users\user\Desktop\desktop.ini
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000000.294283178.0000000000392000.00000002.00020000.sdmp, RFQ_GGMC-Ref 12-01-2022.exe, 00000005.00000000.327586416.0000000000162000.00000002.00020000.sdmp, RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000000.333928558.0000000000582000.00000002.00020000.sdmp, RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000002.361685768.0000000003B04000.00000004.00000001.sdmp, mozille.exe, 0000000E.00000000.362803086.0000000000262000.00000002.00020000.sdmp, mozille.exe, 0000000F.00000000.372058011.0000000000F12000.00000002.00020000.sdmpBinary or memory string: INSERT INTO [content] ([active], [activate], [expire], [dayparts], [contentType], [descriptor], [size], [viewcount], [viewlimit], [displayafter], [props], [data]) VALUES (@active, @activate, @expire, @dayparts, @contentType, @descriptor, @size, @viewcount, @viewlimit, @displayafter, @props, @data); SELECT last_insert_rowid() AS contentId;
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5800:120:WilError_01
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeMutant created: \Sessions\1\BaseNamedObjects\AsyncMutex_6SI8OkPnk
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5852:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5824:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6276:120:WilError_01
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6100:120:WilError_01
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeProcess created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpB8D1.tmp.bat""
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, WXX/jXQ.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.RFQ_GGMC-Ref 12-01-2022.exe.390000.0.unpack, WXX/jXQ.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.0.RFQ_GGMC-Ref 12-01-2022.exe.390000.0.unpack, WXX/jXQ.csCryptographic APIs: 'CreateDecryptor'
                  Source: 5.0.RFQ_GGMC-Ref 12-01-2022.exe.160000.1.unpack, WXX/jXQ.csCryptographic APIs: 'CreateDecryptor'
                  Source: 5.2.RFQ_GGMC-Ref 12-01-2022.exe.160000.0.unpack, WXX/jXQ.csCryptographic APIs: 'CreateDecryptor'
                  Source: 5.0.RFQ_GGMC-Ref 12-01-2022.exe.160000.2.unpack, WXX/jXQ.csCryptographic APIs: 'CreateDecryptor'
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: RFQ_GGMC-Ref 12-01-2022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: RFQ_GGMC-Ref 12-01-2022.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                  Source: RFQ_GGMC-Ref 12-01-2022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: IDescriptionMetadataEnt.pdb source: mozille.exe, mozille.exe, 0000000F.00000000.372058011.0000000000F12000.00000002.00020000.sdmp

                  Data Obfuscation:

                  Yara detected Costura Assembly Loader
                  Source: Yara matchFile source: 00000015.00000002.582533114.0000000007400000.00000004.00020000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.571994209.00000000031E3000.00000004.00000001.sdmp, type: MEMORY
                  Suspicious powershell command line found
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"'
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\dlliok.exe"'
                  .NET source code contains potential unpacker
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, sO/j4.cs.Net Code: gNn System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 0.2.RFQ_GGMC-Ref 12-01-2022.exe.390000.0.unpack, sO/j4.cs.Net Code: gNn System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 0.0.RFQ_GGMC-Ref 12-01-2022.exe.390000.0.unpack, sO/j4.cs.Net Code: gNn System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 5.0.RFQ_GGMC-Ref 12-01-2022.exe.160000.1.unpack, sO/j4.cs.Net Code: gNn System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 5.2.RFQ_GGMC-Ref 12-01-2022.exe.160000.0.unpack, sO/j4.cs.Net Code: gNn System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  Source: 5.0.RFQ_GGMC-Ref 12-01-2022.exe.160000.2.unpack, sO/j4.cs.Net Code: gNn System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                  .NET source code contains method to dynamically call methods (often used by packers)
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, WXX/jXQ.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                  Source: 0.2.RFQ_GGMC-Ref 12-01-2022.exe.390000.0.unpack, WXX/jXQ.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                  Source: 0.0.RFQ_GGMC-Ref 12-01-2022.exe.390000.0.unpack, WXX/jXQ.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                  Source: 5.0.RFQ_GGMC-Ref 12-01-2022.exe.160000.1.unpack, WXX/jXQ.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                  Source: 5.2.RFQ_GGMC-Ref 12-01-2022.exe.160000.0.unpack, WXX/jXQ.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                  Source: 5.0.RFQ_GGMC-Ref 12-01-2022.exe.160000.2.unpack, WXX/jXQ.cs.Net Code: stackVariable1.GetMethod("GetDelegateForFunctionPointer", V_0)
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeCode function: 0_2_00A3C910 pushad ; retf 0_2_00A3F571
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeCode function: 0_2_00A3F572 pushad ; retf 0_2_00A3F571
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exeCode function: 14_2_00C1C910 pushad ; retf 14_2_00C1F571
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exeCode function: 14_2_00C1F572 pushad ; retf 14_2_00C1F571
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exeCode function: 14_2_04F84E40 push esp; retf 14_2_04F84E4D
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exeCode function: 14_2_04F81778 push eax; mov dword ptr [esp], ecx14_2_04F8177C
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exeCode function: 14_2_04F81768 push eax; mov dword ptr [esp], ecx14_2_04F8177C
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exeCode function: 15_2_01A0C910 pushad ; retf 15_2_01A0F571
                  Source: initial sampleStatic PE information: section name: .text entropy: 7.64899477975
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeFile created: C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeFile created: C:\Users\user\AppData\Local\Temp\mozille.exe

                  Boot Survival:

                  Yara detected AsyncRAT
                  Source: Yara matchFile source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.10.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.4.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.2.RFQ_GGMC-Ref 12-01-2022.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.12.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.8.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.RFQ_GGMC-Ref 12-01-2022.exe.277261c.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 14.2.mozille.exe.26c25b0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000015.00000002.564363154.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000000.335571895.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000000.389862678.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000000.390327325.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000003.453796076.00000000056C5000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000000.335001041.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000002.359864523.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000000.388653976.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000000.334452217.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000007.00000000.333878908.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.338424053.0000000002701000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000000.390769248.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000015.00000002.571714369.00000000031A1000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.393670309.0000000002651000.00000004.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: RFQ_GGMC-Ref 12-01-2022.exe PID: 6964, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: RFQ_GGMC-Ref 12-01-2022.exe PID: 6948, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: mozille.exe PID: 6316, type: MEMORYSTR
                  Uses schtasks.exe or at.exe to add and modify task schedules
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmp71CD.tmp
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\cmd.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion:

                  Yara detected AntiVM3
                  Yara detected AsyncRAT
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000002.338424053.0000000002701000.00000004.00000001.sdmp, RFQ_GGMC-Ref 12-01-2022.exe, 00000007.00000000.335571895.0000000000402000.00000040.00000001.sdmp, mozille.exe, 0000000E.00000002.393670309.0000000002651000.00000004.00000001.sdmp, mozille.exe, 0000000F.00000002.572294732.00000000032C1000.00000004.00000001.sdmp Binary or memory string: SBIEDLL.DLL
                  Source: RFQ_GGMC-Ref 12-01-2022.exe, 00000000.00000002.338424053.0000000002701000.00000004.00000001.sdmp, mozille.exe, 0000000E.00000002.393670309.0000000002651000.00000004.00000001.sdmp, mozille.exe, 0000000F.00000002.572294732.00000000032C1000.00000004.00000001.sdmp Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe TID: 3912 Thread sleep time: -40187s >= -30000s
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe TID: 3732 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5648 Thread sleep time: -11990383647911201s >= -30000s
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe TID: 5848 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe TID: 2220 Thread sleep time: -35668s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe TID: 6380 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe TID: 4760 Thread sleep time: -41095s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3892 Thread sleep time: -6456360425798339s >= -30000s
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6393
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2721
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 5790
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3078
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Thread delayed: delay time: 40187
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Thread delayed: delay time: 35668
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Thread delayed: delay time: 41095
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe File Volume queried: C:\ FullSizeInformation
                  Source: mozille.exe, 0000000F.00000002.572294732.00000000032C1000.00000004.00000001.sdmp Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
                  Source: mozille.exe, 0000000F.00000002.572294732.00000000032C1000.00000004.00000001.sdmp Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                  Source: mozille.exe, 0000000F.00000002.572294732.00000000032C1000.00000004.00000001.sdmp Binary or memory string: vmware
                  Source: mozille.exe, 0000000F.00000002.572294732.00000000032C1000.00000004.00000001.sdmp Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process token adjusted: Debug
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process token adjusted: Debug
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion:

                  Bypasses PowerShell execution policy
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell ExecutionPolicy Bypass Start-Process -FilePath '"C:\Users\user\AppData\Local\Temp\jzhlgt.exe"'
                  Adds a directory exclusion to Windows Defender
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\AppData\Local\Temp\dlliok.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\pLrWNKFD.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmp71CD.tmp
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "mozille" /tr '"C:\Users\user\AppData\Local\Temp\mozille.exe"' & exit
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpB8D1.tmp.bat""
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /sc onlogon /rl highest /tn "mozille" /tr '"C:\Users\user\AppData\Local\Temp\mozille.exe"'
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe timeout 3
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Users\user\AppData\Local\Temp\mozille.exe "C:\Users\user\AppData\Local\Temp\mozille.exe"
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmpCDE7.tmp
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Users\user\AppData\Local\Temp\mozille.exe C:\Users\user\AppData\Local\Temp\mozille.exe
                  Source: C:\Users\user\AppData\Local\Temp\mozille.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                  Source: mozille.exe, 0000000F.00000002.571887916.0000000001DB0000.00000002.00020000.sdmp Binary or memory string: Program Manager
                  Source: mozille.exe, 0000000F.00000002.571887916.0000000001DB0000.00000002.00020000.sdmp Binary or memory string: Shell_TrayWnd
                  Source: mozille.exe, 0000000F.00000002.571887916.0000000001DB0000.00000002.00020000.sdmp Binary or memory string: Progman
                  Source: mozille.exe, 0000000F.00000002.571887916.0000000001DB0000.00000002.00020000.sdmp Binary or memory string: Progmanlock
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Queries volume information: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Lowering of HIPS / PFW / Operating System Security Settings:

                  Yara detected AsyncRAT

                  Stealing of Sensitive Information:

                  Yara detected Telegram RAT
                  Yara detected AgentTesla
                  Yara detected Nanocore RAT

                  Remote Access Functionality:

                  Yara detected Telegram RAT
                  Yara detected AgentTesla
                  Yara detected Nanocore RAT

                  Mitre Att&ck Matrix

                  | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
                  |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                  | Valid Accounts | Scheduled Task/Job 2 | Scheduled Task/Job 2 | Process Injection 12 | Masquerading 1 | Input Capture 1 | Security Software Discovery 11 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
                  | Default Accounts | Scripting 1 | Boot or Logon Initialization Scripts | Scheduled Task/Job 2 | Disable or Modify Tools 11 | LSASS Memory | Process Discovery 2 | Remote Desktop Protocol | Archive Collected Data 11 | Exfiltration Over Bluetooth | Non-Standard Port 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                  | Domain Accounts | PowerShell 2 | Logon Script (Windows) | Logon Script (Windows) | Virtualization/Sandbox Evasion 21 | Security Account Manager | Virtualization/Sandbox Evasion 21 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
                  | Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Process Injection 12 | NTDS | Application Window Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
                  | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Deobfuscate/Decode Files or Information 1 | LSA Secrets | File and Directory Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
                  | Replication Through Removable Media | Launchd | Rc.common | Rc.common | Scripting 1 | Cached Domain Credentials | System Information Discovery 13 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
                  | External Remote Services | Scheduled Task | Startup Items | Startup Items | Obfuscated Files or Information 12 | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
                  | Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Software Packing 23 | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue |

                  Behavior Graph

[Figure: behavior graph. Behavior Graph ID: 551470; Sample: RFQ_GGMC-Ref 12-01-2022.exe; Startdate: 12/01/2022; Architecture: WINDOWS; Score: 100]

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

Source | Detection | Scanner | Label
RFQ_GGMC-Ref 12-01-2022.exe | 26% | Virustotal |

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

Source | Detection | Scanner | Label
7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.4.unpack | 100% | Avira | TR/Dropper.Gen
7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.10.unpack | 100% | Avira | TR/Dropper.Gen
7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.6.unpack | 100% | Avira | TR/Dropper.Gen
7.2.RFQ_GGMC-Ref 12-01-2022.exe.400000.0.unpack | 100% | Avira | TR/Dropper.Gen
7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.12.unpack | 100% | Avira | TR/Dropper.Gen
7.0.RFQ_GGMC-Ref 12-01-2022.exe.400000.8.unpack | 100% | Avira | TR/Dropper.Gen

                  Domains

                  No Antivirus matches

                  URLs

                  Domains and IPs

                  Contacted Domains

                  No contacted domains info

                  URLs from Memory and Binaries

                                                                    Contacted IPs

                                                                    Public

IP | Domain | Country | ASN | ASN Name | Malicious
89.238.150.43 | unknown | United Kingdom | 9009 | M247GB | true

                                                                    General Information

Joe Sandbox Version: 34.0.0 Boulder Opal
Analysis ID: 551470
Start date: 12.01.2022
Start time: 09:01:01
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 14m 8s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: RFQ_GGMC-Ref 12-01-2022.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 46
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
                                                                    Technologies:
                                                                    • HCA enabled
                                                                    • EGA enabled
                                                                    • HDC enabled
                                                                    • AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.evad.winEXE@53/16@0/1
                                                                    EGA Information:
                                                                    • Successful, ratio: 60%
                                                                    HDC Information:
                                                                    • Successful, ratio: 0.2% (good quality ratio 0%)
                                                                    • Quality average: 12.9%
                                                                    • Quality standard deviation: 33.5%
                                                                    HCA Information:
                                                                    • Successful, ratio: 100%
                                                                    • Number of executed functions: 54
                                                                    • Number of non-executed functions: 3
                                                                    Cookbook Comments:
                                                                    • Adjust boot time
                                                                    • Enable AMSI
                                                                    • Found application associated with file extension: .exe
                                                                    Warnings:
                                                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, conhost.exe, WmiPrvSE.exe, svchost.exe
                                                                    • Excluded IPs from analysis (whitelisted): 173.222.108.210, 173.222.108.147, 173.222.108.226
                                                                    • Excluded domains from analysis (whitelisted): fs.microsoft.com, wu-shim.trafficmanager.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, download.windowsupdate.com.edgesuite.net
                                                                    • Execution Graph export aborted for target RFQ_GGMC-Ref 12-01-2022.exe, PID 6948 because it is empty
                                                                    • Execution Graph export aborted for target RFQ_GGMC-Ref 12-01-2022.exe, PID 7000 because there are no executed function
                                                                    • Not all processes where analyzed, report is missing behavior information
                                                                    • Report creation exceeded maximum time and may have missing behavior and disassembly information.
                                                                    • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                    • Report size exceeded maximum capacity and may have missing behavior information.
                                                                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                    • Report size getting too big, too many NtQueryValueKey calls found.
                                                                    • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                    Simulations

                                                                    Behavior and APIs

Time | Type | Description
09:02:09 | API Interceptor | 1x Sleep call for process: RFQ_GGMC-Ref 12-01-2022.exe modified
09:02:13 | API Interceptor | 138x Sleep call for process: powershell.exe modified
09:02:31 | Task Scheduler | Run new task: mozille path: "C:\Users\user\AppData\Local\Temp\mozille.exe"
09:02:37 | API Interceptor | 4x Sleep call for process: mozille.exe modified
09:03:24 | API Interceptor | 164x Sleep call for process: jzhlgt.exe modified
09:03:41 | API Interceptor | 33x Sleep call for process: dlliok.exe modified
09:03:59 | Task Scheduler | Run new task: DHCP Monitor path: "C:\Users\user\AppData\Local\Temp\dlliok.exe" s>$(Arg0)

                                                                    Joe Sandbox View / Context

                                                                    IPs

                                                                    No context

                                                                    Domains

                                                                    No context

                                                                    ASN

                                                                    No context

                                                                    JA3 Fingerprints

                                                                    No context

                                                                    Dropped Files

                                                                    No context

                                                                    Created / dropped Files

                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ_GGMC-Ref 12-01-2022.exe.log
                                                                    Process:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:modified
                                                                    Size (bytes):1310
                                                                    Entropy (8bit):5.345651901398759
                                                                    Encrypted:false
                                                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE47mE4Ko88:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKz6
                                                                    MD5:D918C6A765EDB90D2A227FE23A3FEC98
                                                                    SHA1:8BA802AD8D740F114783F0DADC407CBFD2A209B3
                                                                    SHA-256:AB0E9F716E31502A4C6786575C5E64DFD9D24AF99056BBE2640A2FA322CFF4D6
                                                                    SHA-512:A937ABD8294BB32A612F8B3A376C94111D688379F0A4DB9FAA2FCEB71C25E18D621EEBCFDA5706B71C8473A4F38D8B3C4005D1589B564F9B1C9C441B6D337814
                                                                    Malicious:true
                                                                    Reputation:unknown
                                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\mozille.exe.log
                                                                    Process:C:\Users\user\AppData\Local\Temp\mozille.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):1310
                                                                    Entropy (8bit):5.345651901398759
                                                                    Encrypted:false
                                                                    SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE47mE4Ko88:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKz6
                                                                    MD5:D918C6A765EDB90D2A227FE23A3FEC98
                                                                    SHA1:8BA802AD8D740F114783F0DADC407CBFD2A209B3
                                                                    SHA-256:AB0E9F716E31502A4C6786575C5E64DFD9D24AF99056BBE2640A2FA322CFF4D6
                                                                    SHA-512:A937ABD8294BB32A612F8B3A376C94111D688379F0A4DB9FAA2FCEB71C25E18D621EEBCFDA5706B71C8473A4F38D8B3C4005D1589B564F9B1C9C441B6D337814
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):21704
                                                                    Entropy (8bit):5.597528400509029
                                                                    Encrypted:false
                                                                    SSDEEP:384:/tL67waWub8VWzZPWCDzj8eNSBKnsjultIW8aepEQt11u16z+5mHKHVg3P8j6Ivv:4CubLz5FfN4KsClt8a+f13+U+WEmlc
                                                                    MD5:2F13EF84B063265B6634CB005F4B5286
                                                                    SHA1:0AA0F7DC07BD5D1A12DAE304E40B70755A3F164A
                                                                    SHA-256:638143E39E07AD1C5DAF1BE1FB96B03C42B543B790849C7716AC2AC6718F667E
                                                                    SHA-512:9CBD81D15290642E4853B32BAAC634395AAC24B40279E8D24C33715EDA4161FE45580BA39C97CC8295B2CE312E97251795542323795ED32F74F9774B7E0CC4AD
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: @...e.....................u.P.E.B... .l..............@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)f.......System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP...............-K..s.F..*.]`.,j.....(.Microsoft.PowerShell.Commands.ManagementT................7.,.fiD..............*.Microsoft.Management.Inf
                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2x3ucvgo.4eb.ps1
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:very short file (no magic)
                                                                    Category:dropped
                                                                    Size (bytes):1
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3:U:U
                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: 1
                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_cfrruvyb.luy.psm1
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:very short file (no magic)
                                                                    Category:dropped
                                                                    Size (bytes):1
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3:U:U
                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: 1
                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_svjneimu.gkz.ps1
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:very short file (no magic)
                                                                    Category:dropped
                                                                    Size (bytes):1
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3:U:U
                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: 1
                                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wqgzyu5l.f34.psm1
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:very short file (no magic)
                                                                    Category:dropped
                                                                    Size (bytes):1
                                                                    Entropy (8bit):0.0
                                                                    Encrypted:false
                                                                    SSDEEP:3:U:U
                                                                    MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                    SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                    SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                    SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: 1
                                                                    C:\Users\user\AppData\Local\Temp\mozille.exe
                                                                    Process:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):567808
                                                                    Entropy (8bit):7.627302244469304
                                                                    Encrypted:false
                                                                    SSDEEP:12288:3v5+Ky22SH/s6TYnPEvvslosxkhoNB3Ps7hZJ:/029/enPEHkowNB/S
                                                                    MD5:9FD45110BAD75CDA6DE67232014AEB6E
                                                                    SHA1:A43016FA816AFD1693FB7F266DD032FD7F061C35
                                                                    SHA-256:B586CA95BA9557F7AD2434D01F96FF191B77541670894DF3B78AA3A8312AE092
                                                                    SHA-512:0B87028C9E9654BC3FC69797E9B241604C1A6266DF388E8E01CCE98F19507F5544B35AFD02462E2229D4F4C9B8D348AB9A0294B1802F98D6F80F608657BC7675
                                                                    Malicious:true
                                                                    Reputation:unknown
                                                                    C:\Users\user\AppData\Local\Temp\tmp71CD.tmp
                                                                    Process:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    File Type:XML 1.0 document, ASCII text
                                                                    Category:dropped
                                                                    Size (bytes):1600
                                                                    Entropy (8bit):5.151412589996552
                                                                    Encrypted:false
                                                                    SSDEEP:24:2di4+S2qh/Q1K1y1mokUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtXxvn:cge4MYrFdOFzOzN33ODOiDdKrsuThv
                                                                    MD5:C286A082609C1C1A219FF01B51775164
                                                                    SHA1:F8A15ACBF3A55AD917F35566777A6EC4731DE800
                                                                    SHA-256:8ED2C4AF8E80335DE493A0A74226839E5505BA01BFD742C9A56A296878D9D636
                                                                    SHA-512:2FD055314D57E399D6CBB5FAFC7B98AD0910AD3D82F01A531C08EE36E8384FF1B86A6656741AE4C0E59E818EFFB92398BDF54ED7DADB7D0AA911982AA211A9E5
                                                                    Malicious:true
                                                                    Reputation:unknown
                                                                    Preview: <?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <
                                                                    C:\Users\user\AppData\Local\Temp\tmpB8D1.tmp.bat
                                                                    Process:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    File Type:DOS batch file, ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):154
                                                                    Entropy (8bit):5.030771528412489
                                                                    Encrypted:false
                                                                    SSDEEP:3:mKDDCMNqTtvL5oWXp5cViE2J5xAIjkOAdLvmqRDWXp5cViE2J5xAInTRINjio5Z6:hWKqTtT6WXp+N23fjdCvmq1WXp+N23fb
                                                                    MD5:07BDDF3468F5B8BEAFB3C3BFAA8E4C3D
                                                                    SHA1:92D16205F5D6F7B4CDFAD83119A5E47A8F430DB8
                                                                    SHA-256:7704F72B9FD7E75BDD3D3C8632B4F332120E94C1B8CAD84B6F62C2B63CEADD2C
                                                                    SHA-512:C10E87D75A658380DD96B9B7A94201C342BADEB4AE400B88CD21D72CBF76865307A1A5A645D6B36A9E4ECDB7FFADBAC212E97B4F0E5DE25C98B14B84AE0685C6
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: @echo off..timeout 3 > NUL..START "" "C:\Users\user\AppData\Local\Temp\mozille.exe"..CD C:\Users\user\AppData\Local\Temp\..DEL "tmpB8D1.tmp.bat" /f /q..
                                                                    C:\Users\user\AppData\Local\Temp\tmpCDE7.tmp
                                                                    Process:C:\Users\user\AppData\Local\Temp\mozille.exe
                                                                    File Type:XML 1.0 document, ASCII text
                                                                    Category:dropped
                                                                    Size (bytes):1600
                                                                    Entropy (8bit):5.151412589996552
                                                                    Encrypted:false
                                                                    SSDEEP:24:2di4+S2qh/Q1K1y1mokUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtXxvn:cge4MYrFdOFzOzN33ODOiDdKrsuThv
                                                                    MD5:C286A082609C1C1A219FF01B51775164
                                                                    SHA1:F8A15ACBF3A55AD917F35566777A6EC4731DE800
                                                                    SHA-256:8ED2C4AF8E80335DE493A0A74226839E5505BA01BFD742C9A56A296878D9D636
                                                                    SHA-512:2FD055314D57E399D6CBB5FAFC7B98AD0910AD3D82F01A531C08EE36E8384FF1B86A6656741AE4C0E59E818EFFB92398BDF54ED7DADB7D0AA911982AA211A9E5
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: <?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>computer\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>computer\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>computer\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <
                                                                    C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                                                                    Process:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):567808
                                                                    Entropy (8bit):7.627302244469304
                                                                    Encrypted:false
                                                                    SSDEEP:12288:3v5+Ky22SH/s6TYnPEvvslosxkhoNB3Ps7hZJ:/029/enPEHkowNB/S
                                                                    MD5:9FD45110BAD75CDA6DE67232014AEB6E
                                                                    SHA1:A43016FA816AFD1693FB7F266DD032FD7F061C35
                                                                    SHA-256:B586CA95BA9557F7AD2434D01F96FF191B77541670894DF3B78AA3A8312AE092
                                                                    SHA-512:0B87028C9E9654BC3FC69797E9B241604C1A6266DF388E8E01CCE98F19507F5544B35AFD02462E2229D4F4C9B8D348AB9A0294B1802F98D6F80F608657BC7675
                                                                    Malicious:true
                                                                    Reputation:unknown
                                                                    C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe:Zone.Identifier
                                                                    Process:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: [ZoneTransfer]....ZoneId=0
                                                                    C:\Users\user\Documents\20220112\PowerShell_transcript.138727.F_iUYR88.20220112090240.txt
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):5801
                                                                    Entropy (8bit):5.4133657955498915
                                                                    Encrypted:false
                                                                    SSDEEP:96:BZZhENMqDo1Z4ZUhENMqDo1ZsOI2jZohENMqDo1ZermmOZ1:c
                                                                    MD5:A60FA78FF988D57F3451E409235D01C5
                                                                    SHA1:ACE6418390C2687EC72117DD8A11F25FC9D830B2
                                                                    SHA-256:DC0A2EB75B913C1FD7C28E211C0045E678AC5D659706AFBF63967569CA69ED15
                                                                    SHA-512:7AACF764D22856EC2EB7773B26E7559A4DC20278BDE3BD689EE288956AA9A06A95886EE10DCF447C7CDB94396FE4C560C97E847BEE16D3B45C214236BE466CC7
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: .**********************..Windows PowerShell transcript start..Start time: 20220112090242..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 138727 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe..Process ID: 5400..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220112090242..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe..**********************..Windows PowerShell transcript start..Start time: 20220112090441..Username: computer\user..RunAs User: DESKTOP-716T77
                                                                    C:\Users\user\Documents\20220112\PowerShell_transcript.138727.fhx+G1tL.20220112090212.txt
                                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):5801
                                                                    Entropy (8bit):5.41379343008454
                                                                    Encrypted:false
                                                                    SSDEEP:96:BZvhENVqDo1ZuZshENVqDo1ZEOI2jZPhENVqDo1ZnrmmOZ1:T
                                                                    MD5:5DB6DDA4F50FC48388AEB9886E8D92FA
                                                                    SHA1:1B375170354A7D83E1E9478A93C8A17ED180E735
                                                                    SHA-256:F26C8CA471D97986F5C2DC5DA82BBCA9DA4C4EAEBC5EFB88917BD5D88403A7ED
                                                                    SHA-512:0ABC022E484CC6A00878DDD0B92A7D445C930C5DE61085961CB9A30DDB1E4FDE2484294EF36252566E52AD2C5389185724F8EBEA476364255DB84D2BBBEDEE4B
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: .**********************..Windows PowerShell transcript start..Start time: 20220112090213..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 138727 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe..Process ID: 6080..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20220112090213..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe..**********************..Windows PowerShell transcript start..Start time: 20220112090526..Username: computer\user..RunAs User: DESKTOP-716T77
                                                                    \Device\Null
                                                                    Process:C:\Windows\SysWOW64\timeout.exe
                                                                    File Type:ASCII text, with CRLF line terminators, with overstriking
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.41440934524794
                                                                    Encrypted:false
                                                                    SSDEEP:3:hYFqdLGAR+mQRKVxLZXt0sn:hYFqGaNZKsn
                                                                    MD5:3DD7DD37C304E70A7316FE43B69F421F
                                                                    SHA1:A3754CFC33E9CA729444A95E95BCB53384CB51E4
                                                                    SHA-256:4FA27CE1D904EA973430ADC99062DCF4BAB386A19AB0F8D9A4185FA99067F3AA
                                                                    SHA-512:713533E973CF0FD359AC7DB22B1399392C86D9FD1E715248F5724AAFBBF0EEB5EAC0289A0E892167EB559BE976C2AD0A0A0D8EFC407FFAF5B3C3A32AA9A0AAA4
                                                                    Malicious:false
                                                                    Reputation:unknown
                                                                    Preview: ..Waiting for 3 seconds, press a key to continue ....2.1.0..

                                                                    Static File Info

                                                                    General

                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Entropy (8bit):7.627302244469304
                                                                    TrID:
                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.79%
                                                                    • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                    • Windows Screen Saver (13104/52) 0.07%
                                                                    • Win16/32 Executable Delphi generic (2074/23) 0.01%
                                                                    File name:RFQ_GGMC-Ref 12-01-2022.exe
                                                                    File size:567808
                                                                    MD5:9fd45110bad75cda6de67232014aeb6e
                                                                    SHA1:a43016fa816afd1693fb7f266dd032fd7f061c35
                                                                    SHA256:b586ca95ba9557f7ad2434d01f96ff191b77541670894df3b78aa3a8312ae092
                                                                    SHA512:0b87028c9e9654bc3fc69797e9b241604c1a6266df388e8e01cce98f19507f5544b35afd02462e2229d4f4c9b8d348ab9a0294b1802f98d6f80f608657bc7675
                                                                    SSDEEP:12288:3v5+Ky22SH/s6TYnPEvvslosxkhoNB3Ps7hZJ:/029/enPEHkowNB/S
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....2.a................................. ........@.. ....................... ............@................................

                                                                    Static PE Info

                                                                    General

                                                                    Entrypoint:0x48b82e
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED
                                                                    DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                    Time Stamp:0x61DE32FE [Wed Jan 12 01:46:38 2022 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:v4.0.30319
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                    Entrypoint Preview

                                                                    Instruction
                                                                    jmp dword ptr [00402000h]

                                                                    Data Directories

                                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8b7e0 | 0x4b | .text
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8e000 | 0x554 | .rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x90000 | 0xc | .reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x8b788 | 0x1c | .text
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

                                                                    Sections

                                                                    Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                    .text | 0x2000 | 0x89834 | 0x89a00 | False | 0.843022678247 | data | 7.64899477975 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                    .sdata | 0x8c000 | 0x204 | 0x400 | False | 0.458984375 | data | 4.099059951 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                    .rsrc | 0x8e000 | 0x554 | 0x600 | False | 0.340494791667 | data | 2.80510503091 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc | 0x90000 | 0xc | 0x200 | False | 0.044921875 | data | 0.101910425663 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                    Resources

                                                                    Name | RVA | Size | Type | Language | Country
                                                                    RT_ICON | 0x8e0e8 | 0xb0 | GLS_BINARY_LSB_FIRST | |
                                                                    RT_GROUP_ICON | 0x8e198 | 0x14 | data | |
                                                                    RT_VERSION | 0x8e1ac | 0x3a8 | data | |

                                                                    Imports

                                                                    DLL | Import
                                                                    mscoree.dll | _CorExeMain

                                                                    Version Infos

                                                                    Description | Data
                                                                    Translation | 0x0000 0x04b0
                                                                    LegalCopyright | Copyright micolous 2006-2007
                                                                    Assembly Version | 0.1.6.0
                                                                    InternalName | IDescriptionMetadataEnt.exe
                                                                    FileVersion | 0.1.6.0
                                                                    CompanyName | micolous
                                                                    LegalTrademarks |
                                                                    Comments |
                                                                    ProductName | IGA Ad Cache Editor
                                                                    ProductVersion | 0.1.6.0
                                                                    FileDescription | IGA Ad Cache Editor
                                                                    OriginalFilename | IDescriptionMetadataEnt.exe

                                                                    Network Behavior

                                                                    Snort IDS Alerts

                                                                    Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
                                                                    01/12/22-09:02:52.180734 | TCP | 2030673 | ET TROJAN Observed Malicious SSL Cert (AsyncRAT Server) | 5512 | 49720 | 89.238.150.43 | 192.168.2.3
                                                                    01/12/22-09:04:02.052703 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49729 | 5512 | 192.168.2.3 | 89.238.150.43
                                                                    01/12/22-09:04:10.617296 | TCP | 2025019 | ET TROJAN Possible NanoCore C2 60B | 49730 | 5512 | 192.168.2.3 | 89.238.150.43

                                                                    Network Port Distribution

                                                                    TCP Packets

                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Jan 12, 2022 09:03:00.305937052 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.305977106 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306015015 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.306015968 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306046009 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.306154013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306221962 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.306531906 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306648016 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306689024 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306726933 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306740999 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.306752920 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.306766987 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306808949 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.306904078 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.307087898 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.307127953 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.307163954 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.307348967 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.307390928 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.307512045 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.307553053 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.307563066 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.307571888 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.307593107 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.307681084 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.307779074 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.308002949 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.308120012 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.308191061 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.308492899 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.308537006 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.308583021 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.308640957 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.308656931 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.308864117 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.309036970 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.309117079 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.309185982 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.309425116 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.309464931 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.309487104 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.309504986 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.309557915 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.309662104 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.309906960 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.309990883 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.310061932 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.310236931 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.310280085 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.310297966 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.310345888 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.310410976 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.351989031 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.352144003 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.352199078 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.352245092 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.352298975 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.352400064 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.352965117 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.353074074 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.353132010 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.353151083 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.353187084 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.353245020 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.353301048 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.353359938 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.353365898 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.353401899 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.353606939 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.353938103 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354095936 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.354193926 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354234934 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354276896 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354315042 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354327917 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.354336977 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.354353905 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354393959 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354432106 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354460001 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.354470015 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354537964 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354600906 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.354609013 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.354629040 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.354820013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355006933 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355048895 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355112076 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.355129957 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.355351925 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355395079 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355433941 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355555058 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355596066 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355642080 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.355654955 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.355689049 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.355925083 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.356085062 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.356157064 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.356180906 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.356280088 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.356321096 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.356589079 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.356723070 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.356785059 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.356807947 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.397924900 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.397967100 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.398207903 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.398334026 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.398411036 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.398484945 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.398664951 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.398843050 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.399024963 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.399264097 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.399319887 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.399338961 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.399389029 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.399538994 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.399597883 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.399749994 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.399792910 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.399872065 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.400038004 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.400227070 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.400300026 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.400342941 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.400384903 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.400463104 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.400523901 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.400703907 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.400760889 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.400954962 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.400995970 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.401071072 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.401209116 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.401303053 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.401598930 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.401639938 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.401679993 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.401717901 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.401731968 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.401787043 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.401868105 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.402065039 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.402302027 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.402344942 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.402368069 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.402385950 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.402437925 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.402461052 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.402575970 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.402645111 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.402664900 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.402889013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.402954102 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.402992964 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.403074026 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.403141975 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.403418064 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.403529882 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.403546095 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.403618097 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.443852901 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.443898916 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.443941116 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.444080114 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.444106102 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.444128036 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.444541931 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.444583893 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.444622040 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.444629908 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.444813013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.445040941 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.445075035 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.445178986 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.445187092 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.445417881 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.445461035 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.445589066 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.445597887 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.445677996 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.446039915 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.446049929 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.446094990 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.446166992 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.446186066 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.446321964 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.446372986 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.446568966 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.446610928 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.446656942 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.446986914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.447086096 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:00.447181940 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.447515011 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:00.447557926 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.770894051 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.770895004 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.771106958 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771136999 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771179914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771209955 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771215916 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.771280050 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771311045 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771310091 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.771334887 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771362066 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.771437883 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.771446943 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771492958 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771584988 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.771640062 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771709919 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771734953 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771754980 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.771792889 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.771879911 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.772022009 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772057056 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772082090 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772102118 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772131920 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.772203922 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.772264957 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772299051 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772321939 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772380114 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.772456884 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772479057 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772552967 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.772603989 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772654057 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772674084 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772747993 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.772763968 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.772809982 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.772921085 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.773077965 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.773098946 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.773118973 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.773139000 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.773163080 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.773169994 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.773251057 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.773977041 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.773998976 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.774094105 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.816067934 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.816265106 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.816312075 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.816603899 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.816657066 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.816684008 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.816802979 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.816858053 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.816878080 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.816961050 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.817035913 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.817245007 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.817296982 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.817341089 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.817378998 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.817385912 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.817439079 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.817553043 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.817605972 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.817698956 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.817790031 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.817960978 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818017960 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818051100 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.818054914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818090916 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818130970 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.818172932 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818404913 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818443060 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818475962 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.818553925 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.818558931 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818654060 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818929911 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.818974018 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819005013 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.819067001 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819099903 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.819107056 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819175959 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.819221020 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819478035 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819514990 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819552898 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819555998 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.819622993 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819624901 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.819659948 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819772005 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.819818020 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819856882 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.819952965 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.819963932 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.820082903 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.820168972 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.820242882 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.861845016 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.861932039 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.861974001 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.862101078 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.862176895 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.862181902 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.862229109 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.862267017 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.862312078 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.862365961 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.862437963 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.862453938 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.862616062 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.862658978 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.862713099 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.862813950 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863025904 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.863038063 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863259077 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863322973 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863346100 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.863380909 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863504887 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.863578081 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863739014 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863796949 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863833904 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.863847017 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863893032 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.863929033 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.863945007 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.864025116 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.864042044 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.864274025 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.864336967 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.864388943 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.864636898 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.864722967 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.864794016 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.864835978 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.864875078 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.864954948 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.865046978 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865133047 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.865238905 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865282059 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865391016 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.865432024 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865475893 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865575075 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865577936 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.865633011 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865689039 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865724087 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.865782022 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.865874052 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.865952015 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.892128944 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.907903910 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.907953978 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.908003092 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.908164978 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.908368111 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.908638954 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.908694983 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.908732891 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.908776999 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.908813000 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.909004927 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909106970 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909136057 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909171104 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.909250975 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.909257889 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909393072 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909427881 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909467936 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909481049 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.909501076 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909535885 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909543991 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.909589052 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.909657001 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909795046 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.909876108 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.909991026 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.910043955 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.910118103 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.910197973 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.910284042 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.910424948 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.910500050 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:14.910649061 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.910744905 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:14.910818100 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.138644934 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.138751984 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.138811111 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.138953924 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.139096975 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.139158010 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.139301062 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.139328003 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.139350891 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.139411926 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.139492035 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.139559031 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.139636040 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.139839888 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.139914989 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.139919996 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.140041113 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.140105009 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.140214920 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.140340090 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.140410900 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.168083906 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.168116093 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.168152094 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.168241024 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.168271065 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.168344021 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.168390036 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.168554068 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.168593884 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.168664932 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.168684006 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.169058084 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.169111013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.169128895 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.169135094 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.169186115 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.169409037 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.169478893 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.182519913 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.182651043 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.182678938 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.182703018 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.182821035 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.183002949 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.183031082 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.183099985 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.183187962 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.183263063 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.183347940 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.183437109 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.183463097 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.183538914 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.183765888 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.184026957 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.184067965 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.184135914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.184254885 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.184377909 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.184453011 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.184545994 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.184571981 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.184596062 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.184679031 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.184935093 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.185077906 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.185163021 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.185292006 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.185477972 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.185504913 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.185543060 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.185563087 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.185568094 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.185591936 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.185638905 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.185688972 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.213809013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.213840961 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.213877916 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214013100 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214034081 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214051008 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.214143991 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.214159966 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214288950 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.214471102 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214493036 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214514017 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214535952 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214562893 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.214637995 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.214765072 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214787006 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.214853048 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.228508949 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.228535891 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.228557110 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.228602886 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.228693962 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.228714943 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.228770018 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.228934050 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.228993893 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.229001045 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.229055882 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.229229927 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.229291916 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.229304075 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.229365110 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.229876041 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.229898930 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.229974031 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.230031013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.230334997 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.230360031 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.230408907 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.230437994 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.230494976 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.230535984 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.230556965 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.230617046 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.230663061 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.230854034 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.230976105 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.231036901 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.231211901 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.231319904 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.231388092 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.231498957 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.231519938 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.231539965 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.231584072 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.231628895 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.231717110 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259288073 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259320021 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259335995 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259485006 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259502888 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.259730101 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259749889 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259767056 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259783983 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.259820938 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.259896040 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.260070086 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.260090113 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.260106087 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.260164976 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.260209084 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.260241985 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.273973942 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274003983 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274077892 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274223089 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.274291039 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.274317980 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274410963 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274427891 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274512053 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.274620056 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274699926 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.274899960 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274949074 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.274971008 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.275044918 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.275146961 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.275165081 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.275234938 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.275316000 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.275372028 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.275438070 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.275443077 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.275496006 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.275645971 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.275723934 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.275803089 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.276097059 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276120901 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276190042 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.276285887 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276396036 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276413918 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276468039 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.276566029 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276757956 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276828051 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.276849031 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276865959 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.276932955 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.305571079 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305603027 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305624008 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305850983 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.305891991 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305912018 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305927992 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305944920 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305960894 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305978060 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305993080 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:15.305999041 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.306057930 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:15.306449890 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782021999 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782059908 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782095909 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782155991 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.782187939 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.782255888 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782406092 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782445908 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782603979 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782641888 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.782675028 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.782829046 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782859087 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.782928944 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.822902918 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.822983980 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.823097944 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.823242903 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.823395967 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.823473930 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.823473930 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.823681116 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.823753119 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.823964119 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.824028969 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.824105024 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.824139118 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.824497938 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.824567080 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.824600935 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.824678898 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.824846983 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.824961901 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.825009108 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.825074911 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.825150967 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.825278997 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.825498104 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.825572014 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.825615883 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.825675964 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.825754881 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.826360941 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.826406956 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.826442003 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.826447010 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.826488018 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.826492071 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.826657057 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.826718092 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.826725006 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.826879978 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.827183008 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.827256918 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.827429056 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.827573061 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.827637911 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.827718019 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828011990 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828094006 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.828387022 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828422070 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828530073 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.828572035 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828598976 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828649044 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.828744888 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828763962 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828828096 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.828864098 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.828953981 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.868828058 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.868865967 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.868927002 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.869004011 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.869180918 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.869227886 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.869349957 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.869376898 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.869432926 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.869564056 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.869590044 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.869632006 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.870193005 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.870220900 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.870284081 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.870717049 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.870752096 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.870908976 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.870924950 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.870955944 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.871026039 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.871117115 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.871629000 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.871670008 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.871710062 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.871849060 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.871920109 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.872018099 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.872194052 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.872253895 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.872317076 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.872482061 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.872978926 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.873004913 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.873030901 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.873043060 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.873059034 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.873090982 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.873110056 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.873126030 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.873388052 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.873413086 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.873460054 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.874066114 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.874203920 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.874233961 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.874403000 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.874716043 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.874790907 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.875390053 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.875435114 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.875469923 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.875483036 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.875514984 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.875547886 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.875619888 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.914386988 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.914464951 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.914520979 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.914618969 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.914715052 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.914758921 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.914776087 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.914800882 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.914839029 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.915119886 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.915128946 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.915179014 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.915237904 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.915493011 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.915570974 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.916158915 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.916332006 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.916372061 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.916409969 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.916493893 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.916560888 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.916594982 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.917042971 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.917083025 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.917114973 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.917357922 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.917402029 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.917459011 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.917515993 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.917754889 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.918082952 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918126106 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918190956 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.918246984 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918288946 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918334961 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.918363094 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918596983 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918637991 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918692112 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.918788910 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918829918 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.918879032 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.919416904 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.919482946 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.919883966 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.920075893 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.920140982 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.920217991 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.920510054 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.920631886 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.920833111 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.920876026 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.921247005 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.921286106 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.921320915 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.921322107 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.921369076 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.960505962 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.960583925 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.960596085 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.960633993 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.960676908 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.960726976 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.960808039 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.960912943 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.961088896 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.961147070 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.961191893 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.961200953 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.961239100 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.961280107 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.961307049 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.963005066 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.963057995 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:29.963149071 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:29.963161945 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.193485975 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.193603039 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.193645000 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.193783045 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.193936110 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.193994045 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.194008112 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.194025993 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.194087982 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.194230080 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.194272995 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.194289923 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.194397926 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.194479942 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.194521904 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.194547892 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.194562912 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.194596052 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.194938898 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195091009 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195131063 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195156097 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.195194960 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.195272923 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195389032 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195430994 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195446014 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.195472956 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195512056 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195538998 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.195880890 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195921898 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.195982933 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.196023941 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.196233988 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.196279049 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.196297884 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.196336985 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.196389914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.196544886 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.196686983 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.196773052 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.196854115 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.196909904 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.196966887 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.197006941 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.197129011 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.197237968 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.197249889 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.197341919 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.197407007 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.197427988 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.197539091 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.197582006 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.197734118 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.197792053 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.239320993 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.239407063 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.239470005 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.239515066 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.239536047 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.239728928 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.239787102 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.239887953 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.239929914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.239968061 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.239974022 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.240207911 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.240250111 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.240258932 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.240382910 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.240427971 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.240570068 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.240611076 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.240653038 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.240660906 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.240734100 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.240792990 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.240937948 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241091013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241154909 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.241204023 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241245985 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241276026 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241383076 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.241455078 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241509914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241549969 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241614103 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.241667986 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.241728067 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.242027044 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.242074013 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.242130995 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.242324114 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.242470026 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.242542028 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.242713928 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.242782116 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.242842913 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.242902994 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.243000984 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.243225098 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.243262053 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.243289948 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.243341923 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.243355036 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.243386984 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.243560076 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.243609905 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.243669033 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.243725061 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.244137049 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.285217047 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.285245895 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.285410881 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.285501003 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.285592079 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.285597086 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.285732031 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.285757065 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.285825968 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.286063910 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.286201954 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.286276102 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.286312103 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.286473036 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.286535978 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.286695004 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.286717892 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.286788940 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.286864996 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.286889076 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.286952972 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.287158012 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.287184954 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.287250042 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.287353992 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.287379980 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.287404060 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.287436008 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.287487984 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.287527084 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.287787914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.287813902 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.287868023 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.287921906 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.288216114 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.288238049 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.288254976 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.288297892 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.288337946 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.288443089 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.288599968 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.288674116 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.288770914 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.288845062 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.289036036 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.289112091 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.289155960 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.289226055 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.289319038 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.289505005 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.289534092 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.289547920 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.289678097 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.289678097 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.289720058 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.289793968 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.289839029 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331008911 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331057072 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331090927 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331139088 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.331176996 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.331270933 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331384897 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331449986 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.331538916 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331573009 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331636906 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.331729889 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.331943989 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332062960 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332119942 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.332139015 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332168102 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332226038 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.332289934 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332498074 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332557917 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.332714081 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332731962 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332781076 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.332814932 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332833052 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.332875967 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.333030939 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.333079100 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.333179951 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.333198071 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.333259106 CET497205512192.168.2.389.238.150.43
                                                                    Jan 12, 2022 09:03:30.333375931 CET55124972089.238.150.43192.168.2.3
                                                                    Jan 12, 2022 09:03:30.333451986 CET55124972089.238.150.43192.168.2.3

                                                                    System Behavior

                                                                    General

                                                                    Start time:09:02:00
                                                                    Start date:12/01/2022
                                                                    Path:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe"
                                                                    Imagebase:0x390000
                                                                    File size:567808 bytes
                                                                    MD5 hash:9FD45110BAD75CDA6DE67232014AEB6E
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.338424053.0000000002701000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000000.00000002.338424053.0000000002701000.00000004.00000001.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Start time:09:02:10
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                                                                    Imagebase:0x50000
                                                                    File size:430592 bytes
                                                                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Reputation:high

                                                                    General

                                                                    Start time:09:02:11
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7f20f0000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:09:02:11
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmp71CD.tmp
                                                                    Imagebase:0x1010000
                                                                    File size:185856 bytes
                                                                    MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:09:02:13
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7f20f0000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:09:02:13
                                                                    Start date:12/01/2022
                                                                    Path:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    Imagebase:0x160000
                                                                    File size:567808 bytes
                                                                    MD5 hash:9FD45110BAD75CDA6DE67232014AEB6E
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:low

                                                                    General

                                                                    Start time:09:02:16
                                                                    Start date:12/01/2022
                                                                    Path:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\Desktop\RFQ_GGMC-Ref 12-01-2022.exe
                                                                    Imagebase:0x580000
                                                                    File size:567808 bytes
                                                                    MD5 hash:9FD45110BAD75CDA6DE67232014AEB6E
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000007.00000000.335571895.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000007.00000000.335001041.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000007.00000002.359864523.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000007.00000000.334452217.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 00000007.00000000.333878908.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                    Reputation:low

                                                                    General

                                                                    Start time:09:02:29
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "mozille" /tr '"C:\Users\user\AppData\Local\Temp\mozille.exe"' & exit
                                                                    Imagebase:0xd80000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:09:02:29
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7f20f0000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:09:02:29
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\cmd.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\system32\cmd.exe /c ""C:\Users\user\AppData\Local\Temp\tmpB8D1.tmp.bat""
                                                                    Imagebase:0xd80000
                                                                    File size:232960 bytes
                                                                    MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:09:02:30
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:schtasks /create /f /sc onlogon /rl highest /tn "mozille" /tr '"C:\Users\user\AppData\Local\Temp\mozille.exe"'
                                                                    Imagebase:0x1010000
                                                                    File size:185856 bytes
                                                                    MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high

                                                                    General

                                                                    Start time:09:02:30
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7f20f0000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:09:02:31
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\timeout.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:timeout 3
                                                                    Imagebase:0x320000
                                                                    File size:26112 bytes
                                                                    MD5 hash:121A4EDAE60A7AF6F5DFA82F7BB95659
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:09:02:31
                                                                    Start date:12/01/2022
                                                                    Path:C:\Users\user\AppData\Local\Temp\mozille.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\Temp\mozille.exe
                                                                    Imagebase:0x260000
                                                                    File size:567808 bytes
                                                                    MD5 hash:9FD45110BAD75CDA6DE67232014AEB6E
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000E.00000002.393670309.0000000002651000.00000004.00000001.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_AsyncRAT, Description: Yara detected AsyncRAT, Source: 0000000E.00000002.393670309.0000000002651000.00000004.00000001.sdmp, Author: Joe Security

                                                                    General

                                                                    Start time:09:02:36
                                                                    Start date:12/01/2022
                                                                    Path:C:\Users\user\AppData\Local\Temp\mozille.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\AppData\Local\Temp\mozille.exe"
                                                                    Imagebase:0xf10000
                                                                    File size:567808 bytes
                                                                    MD5 hash:9FD45110BAD75CDA6DE67232014AEB6E
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 0000000F.00000002.572294732.00000000032C1000.00000004.00000001.sdmp, Author: Joe Security

                                                                    General

                                                                    Start time:09:02:38
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                                                                    Imagebase:0x50000
                                                                    File size:430592 bytes
                                                                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:.Net C# or VB.NET

                                                                    General

                                                                    Start time:09:02:39
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff7f20f0000
                                                                    File size:625664 bytes
                                                                    MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:09:02:39
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\System32\schtasks.exe" /Create /TN "Updates\lhWbLvHNlciwu" /XML "C:\Users\user\AppData\Local\Temp\tmpCDE7.tmp
                                                                    Imagebase:0x1010000
                                                                    File size:185856 bytes
                                                                    MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    General

                                                                    Start time:09:02:40
                                                                    Start date:12/01/2022
                                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\lhWbLvHNlciwu.exe
                                                                    Imagebase:0x2d0000
                                                                    File size:430592 bytes
                                                                    MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language

                                                                    Disassembly

                                                                    Code Analysis


                                                                      Execution Graph

                                                                      Execution Coverage:9.1%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:74
                                                                      Total number of Limit Nodes:5

                                                                      Graph


                                                                      Executed Functions

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00A39B96
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.337698432.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_a30000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: 935161d871fd690fa5e5ffb7265581d41ba372f396b27c50ebd515af79f83b6e
                                                                      • Instruction ID: 17922bc72ec181f00e8c5db0b61a841e5afe764da6879091eb0f9e308c4a27bf
                                                                      • Opcode Fuzzy Hash: 935161d871fd690fa5e5ffb7265581d41ba372f396b27c50ebd515af79f83b6e
                                                                      • Instruction Fuzzy Hash: 89711570A00B058FDB24DF69D14579BB7F1BF88344F008A2DE486DBA50DB75E94ACB91
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • CreateActCtxA.KERNEL32(?), ref: 00A35989
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.337698432.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_a30000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID: Create
                                                                      • String ID:
                                                                      • API String ID: 2289755597-0
                                                                      • Opcode ID: 9429ee4b1ba82bc2478a70f059621b87b2759ac09f156931c39a0acf3ca0dfac
                                                                      • Instruction ID: 6bdcfafb41c7088014acbf12ec04161d71190b144fdbb35ef3ce158813eda3ae
                                                                      • Opcode Fuzzy Hash: 9429ee4b1ba82bc2478a70f059621b87b2759ac09f156931c39a0acf3ca0dfac
                                                                      • Instruction Fuzzy Hash: EA41D270D00618CBDB24DFA9C8887CEBBB5BF49308F208569E419AB251DB716946CF90
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00A39C11,00000800,00000000,00000000), ref: 00A39E22
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.337698432.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_a30000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      • Opcode ID: bad37a5f48a2cb27c93c40718643817a2bf86f1ad0d4c924044a236d06bb1763
                                                                      • Instruction ID: 2056d0220524cc3c0fc44f784b3c5571cf9b0db48bb016237d9fd15c51f937a6
                                                                      • Opcode Fuzzy Hash: bad37a5f48a2cb27c93c40718643817a2bf86f1ad0d4c924044a236d06bb1763
                                                                      • Instruction Fuzzy Hash: A311F6B69003499FDB10CF9AD444ADFFBF8EB48324F14842AE455A7700C3B5A945CFA5
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00A39B96
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.337698432.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_a30000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      • Opcode ID: a6c0bbcb9baa9f745b631986c5287382d24da7250ad30578675d205e8d574afb
                                                                      • Instruction ID: 04cf1c5f4305ebd0b848f15748e460e12f8fbbe0467f154ed5c6391d4b341394
                                                                      • Opcode Fuzzy Hash: a6c0bbcb9baa9f745b631986c5287382d24da7250ad30578675d205e8d574afb
                                                                      • Instruction Fuzzy Hash: 8211E0B5C006498FDB10CF9AD444BDEFBF4AF88324F14852AD429B7610C3B5A545CFA1
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00A3BEFF
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.337698432.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_a30000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      • Opcode ID: 499c16a12d81cd9cdd400d3ddc1f02071d2b8254fde8bfada4879f06426bcff7
                                                                      • Instruction ID: 3028fcd89ac66c05f80e6c9621ab67cce769f952364b44c7a14a93f84baacaab
                                                                      • Opcode Fuzzy Hash: 499c16a12d81cd9cdd400d3ddc1f02071d2b8254fde8bfada4879f06426bcff7
                                                                      • Instruction Fuzzy Hash: 5EF01DB2910208AEEF108FD9D848BEEFBF9EB84318F14841AF514A2250C3759954CF65
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.337698432.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_a30000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.337698432.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_a30000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.337698432.0000000000A30000.00000040.00000001.sdmp, Offset: 00A30000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_a30000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Executed Functions

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: TSPl$TSPl
                                                                      • API String ID: 0-2929076120
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 8^Pl
                                                                      • API String ID: 0-2353429711
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: TSPl
                                                                      • API String ID: 0-4117669671
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360175841.0000000000CCD000.00000040.00000001.sdmp, Offset: 00CCD000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_ccd000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360175841.0000000000CCD000.00000040.00000001.sdmp, Offset: 00CCD000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_ccd000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360175841.0000000000CCD000.00000040.00000001.sdmp, Offset: 00CCD000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_ccd000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360175841.0000000000CCD000.00000040.00000001.sdmp, Offset: 00CCD000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_ccd000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 00000007.00000002.360592416.0000000002930000.00000040.00000001.sdmp, Offset: 02930000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_7_2_2930000_RFQ_GGMC-Ref 12-01-2022.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Execution Graph

                                                                      Execution Coverage:5.6%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:105
                                                                      Total number of Limit Nodes:6


                                                                      Executed Functions

                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00C19B96
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateActCtxA.KERNEL32(?), ref: 00C15989
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: Create
                                                                      • String ID:
                                                                      • API String ID: 2289755597-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateActCtxA.KERNEL32(?), ref: 00C15989
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: Create
                                                                      • String ID:
                                                                      • API String ID: 2289755597-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00C19B96
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C1BE3E,?,?,?,?,?), ref: 00C1BEFF
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,00C1BE3E,?,?,?,?,?), ref: 00C1BEFF
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C19C11,00000800,00000000,00000000), ref: 00C19E22
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,00C19C11,00000800,00000000,00000000), ref: 00C19E22
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 00C19B96
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.393196219.0000000000C10000.00000040.00000001.sdmp, Offset: 00C10000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_c10000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.396710064.0000000004F80000.00000040.00000001.sdmp, Offset: 04F80000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_4f80000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: $,Pl
                                                                      • API String ID: 0-3254528214
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.396710064.0000000004F80000.00000040.00000001.sdmp, Offset: 04F80000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_4f80000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.396710064.0000000004F80000.00000040.00000001.sdmp, Offset: 04F80000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_4f80000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.396710064.0000000004F80000.00000040.00000001.sdmp, Offset: 04F80000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_4f80000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.396710064.0000000004F80000.00000040.00000001.sdmp, Offset: 04F80000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_4f80000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.396710064.0000000004F80000.00000040.00000001.sdmp, Offset: 04F80000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_4f80000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.392937148.0000000000A6D000.00000040.00000001.sdmp, Offset: 00A6D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_a6d000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.392937148.0000000000A6D000.00000040.00000001.sdmp, Offset: 00A6D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_a6d000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.396710064.0000000004F80000.00000040.00000001.sdmp, Offset: 04F80000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_4f80000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.392937148.0000000000A6D000.00000040.00000001.sdmp, Offset: 00A6D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_a6d000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Memory Dump Source
                                                                      • Source File: 0000000E.00000002.392937148.0000000000A6D000.00000040.00000001.sdmp, Offset: 00A6D000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_14_2_a6d000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions

                                                                      Execution Graph

                                                                      Execution Coverage:8.1%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:0%
                                                                      Total number of Nodes:118
                                                                      Total number of Limit Nodes:5


                                                                      Executed Functions

                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 01A09B96
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateActCtxA.KERNEL32(?), ref: 01A05989
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: Create
                                                                      • String ID:
                                                                      • API String ID: 2289755597-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • CreateActCtxA.KERNEL32(?), ref: 01A05989
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: Create
                                                                      • String ID:
                                                                      • API String ID: 2289755597-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,01A0BE3E,?,?,?,?,?), ref: 01A0BEFF
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 422 1a0be73 423 1a0be78-1a0bf0c DuplicateHandle 422->423 424 1a0bf15-1a0bf32 423->424 425 1a0bf0e-1a0bf14 423->425 425->424
                                                                      APIs
                                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,01A0BE3E,?,?,?,?,?), ref: 01A0BEFF
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: DuplicateHandle
                                                                      • String ID:
                                                                      • API String ID: 3793708945-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 428 1a09db1-1a09db2 429 1a09db4-1a09db6 428->429 430 1a09db9-1a09dbc 428->430 431 1a09db8 429->431 432 1a09dbd-1a09df8 429->432 430->432 431->430 433 1a09e00-1a09e2f LoadLibraryExW 432->433 434 1a09dfa-1a09dfd 432->434 435 1a09e31-1a09e37 433->435 436 1a09e38-1a09e55 433->436 434->433 435->436
                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01A09C11,00000800,00000000,00000000), ref: 01A09E22
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 439 1a09e58-1a09e5a 440 1a09e61-1a09e62 439->440 441 1a09e5c-1a09e60 439->441 442 1a09e64 440->442 443 1a09e69-1a09e75 440->443 441->440 444 1a09df0-1a09dfc 442->444 445 1a09e66-1a09e68 442->445 446 1a09e77-1a09e7b 443->446 447 1a09e7c-1a09e88 443->447 448 1a09e00-1a09e2f LoadLibraryExW 444->448 445->443 453 1a09e92-1a09ea7 call 1a09320 447->453 454 1a09e8a-1a09e91 447->454 451 1a09e31-1a09e37 448->451 452 1a09e38-1a09e55 448->452 451->452
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 460 1a09368-1a09df8 464 1a09e00-1a09e2f LoadLibraryExW 460->464 465 1a09dfa-1a09dfd 460->465 466 1a09e31-1a09e37 464->466 467 1a09e38-1a09e55 464->467 465->464 466->467
                                                                      APIs
                                                                      • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,01A09C11,00000800,00000000,00000000), ref: 01A09E22
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: LibraryLoad
                                                                      • String ID:
                                                                      • API String ID: 1029625771-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 470 1a09b29-1a09b2a 471 1a09b31-1a09b70 470->471 472 1a09b2c 470->472 474 1a09b72-1a09b75 471->474 475 1a09b78-1a09ba3 GetModuleHandleW 471->475 472->471 474->475 476 1a09ba5-1a09bab 475->476 477 1a09bac-1a09bc0 475->477 476->477
                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 01A09B96
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Control-flow Graph

                                                                      control_flow_graph 479 1a09b30-1a09b70 482 1a09b72-1a09b75 479->482 483 1a09b78-1a09ba3 GetModuleHandleW 479->483 482->483 484 1a09ba5-1a09bab 483->484 485 1a09bac-1a09bc0 483->485 484->485
                                                                      APIs
                                                                      • GetModuleHandleW.KERNELBASE(00000000), ref: 01A09B96
                                                                      Memory Dump Source
                                                                      • Source File: 0000000F.00000002.571251214.0000000001A00000.00000040.00000001.sdmp, Offset: 01A00000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_15_2_1a00000_mozille.jbxd
                                                                      Similarity
                                                                      • API ID: HandleModule
                                                                      • String ID:
                                                                      • API String ID: 4139908857-0
                                                                      Uniqueness

                                                                      Uniqueness Score: -1.00%

                                                                      Non-executed Functions