Play interactive tour

Edit tour

Analysis Report wDIaJji4Vv.exe

Overview

General Information

Sample Name:	wDIaJji4Vv.exe
Analysis ID:	381644
MD5:	6a0c22a8a8d9524ba012910571b57d38
SHA1:	b75a74ca657f4940b251c5116bcf2d3a78773671
SHA256:	cc9690dcde0dfa23d657f84bc221296c45590b595d5cca9131087638c35c8a8b
Tags:	exeNanoCoreRAT
Infos:
Most interesting Screenshot:

Detection

Nanocore

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Nanocore Rat

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Sigma detected: NanoCore

Sigma detected: Scheduled temp file as task from temp location

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Yara detected AntiVM3

Yara detected Nanocore RAT

.NET source code contains potential unpacker

Adds a directory exclusion to Windows Defender

Allocates memory in foreign processes

C2 URLs / IPs found in malware configuration

Hides that the sample has been downloaded from the Internet (zone.identifier)

Injects a PE file into a foreign processes

Machine Learning detection for dropped file

Machine Learning detection for sample

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Uses dynamic DNS services

Uses schtasks.exe or at.exe to add and modify task schedules

Writes to foreign memory regions

Antivirus or Machine Learning detection for unpacked file

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to detect virtual machines (SGDT)

Contains functionality to detect virtual machines (SLDT)

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Contains long sleeps (>= 3 min)

Creates a DirectInput object (often for capturing keystrokes)

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Enables debug privileges

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

Installs a raw input device (often for capturing keystrokes)

Internet Provider seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

PE file contains strange resources

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Startup

System is w10x64

wDIaJji4Vv.exe (PID: 2788 cmdline: 'C:\Users\user\Desktop\wDIaJji4Vv.exe' MD5: 6A0C22A8A8D9524BA012910571B57D38)

powershell.exe (PID: 6104 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wDIaJji4Vv.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 404 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

schtasks.exe (PID: 3120 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp' MD5: 15FF7D8324231381BAD48A052F85DF04)

conhost.exe (PID: 6100 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

powershell.exe (PID: 5528 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe' MD5: DBA3E6449E97D4E3DF64527EF7012A10)

conhost.exe (PID: 4812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

RegSvcs.exe (PID: 4688 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe MD5: 71369277D09DA0830C8C59F9E22BB23A)

RegSvcs.exe (PID: 6172 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe MD5: 71369277D09DA0830C8C59F9E22BB23A)

RegSvcs.exe (PID: 6228 cmdline: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe MD5: 71369277D09DA0830C8C59F9E22BB23A)

dhcpmon.exe (PID: 6744 cmdline: 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe' MD5: 71369277D09DA0830C8C59F9E22BB23A)

conhost.exe (PID: 6752 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

cleanup

Malware Configuration

Threatname: NanoCore

{"Version": "1.2.2.0", "Mutex": "282cf72b-8a92-4c1b-b768-b591a1e0", "Group": "jobo", "Domain1": "james12.ddns.net", "Domain2": "127.0.0.1", "Port": 6060, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "", "BackupDNSServer": ""}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x59eb:$x1: NanoCore.ClientPluginHost 0x5b48:$x2: IClientNetworkHost
0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x59eb:$x2: NanoCore.ClientPluginHost 0x6941:$s3: PipeExists 0x5be1:$s4: PipeCreated 0x5a05:$s5: IClientLoggingHost
0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b0b:$x1: NanoCore.ClientPluginHost 0x5b44:$x2: IClientNetworkHost
0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b0b:$x2: NanoCore.ClientPluginHost 0x5c0f:$s4: PipeCreated 0x5b25:$s5: IClientLoggingHost
00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x168295:$x1: NanoCore.ClientPluginHost 0x19aab5:$x1: NanoCore.ClientPluginHost 0x1682d2:$x2: IClientNetworkHost 0x19aaf2:$x2: IClientNetworkHost 0x16be05:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x19e625:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x167ffd:$a: NanoCore 0x16800d:$a: NanoCore 0x168241:$a: NanoCore 0x168255:$a: NanoCore 0x168295:$a: NanoCore 0x19a81d:$a: NanoCore 0x19a82d:$a: NanoCore 0x19aa61:$a: NanoCore 0x19aa75:$a: NanoCore 0x19aab5:$a: NanoCore 0x16805c:$b: ClientPlugin 0x16825e:$b: ClientPlugin 0x16829e:$b: ClientPlugin 0x19a87c:$b: ClientPlugin 0x19aa7e:$b: ClientPlugin 0x19aabe:$b: ClientPlugin 0x2356e:$c: ProjectData 0x8338e:$c: ProjectData 0x168183:$c: ProjectData 0x19a9a3:$c: ProjectData 0x168b8a:$d: DESCrypto
0000000C.00000002.485602336.0000000006D40000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost
0000000C.00000002.485602336.0000000006D40000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost
0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x12fa:$a: NanoCore 0x131f:$a: NanoCore 0x1378:$a: NanoCore 0x11515:$a: NanoCore 0x1153b:$a: NanoCore 0x11597:$a: NanoCore 0x1e3ec:$a: NanoCore 0x1e445:$a: NanoCore 0x1e478:$a: NanoCore 0x1e6a4:$a: NanoCore 0x1e720:$a: NanoCore 0x1ed39:$a: NanoCore 0x1ee82:$a: NanoCore 0x1f356:$a: NanoCore 0x1f63d:$a: NanoCore 0x1f654:$a: NanoCore 0x24bf2:$a: NanoCore 0x24c6c:$a: NanoCore 0x29809:$a: NanoCore 0x2abc3:$a: NanoCore 0x2ac0d:$a: NanoCore
0000000C.00000002.484953222.00000000068B0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b99:$x1: NanoCore.ClientPluginHost 0x5bb3:$x2: IClientNetworkHost
0000000C.00000002.484953222.00000000068B0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b99:$x2: NanoCore.ClientPluginHost 0x6bce:$s4: PipeCreated 0x5b86:$s5: IClientLoggingHost
0000000C.00000002.480310164.0000000003664000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x351ce:$a: NanoCore 0x351f3:$a: NanoCore 0x3524c:$a: NanoCore 0x453f7:$a: NanoCore 0x4541d:$a: NanoCore 0x45479:$a: NanoCore 0x522d7:$a: NanoCore 0x52330:$a: NanoCore 0x52363:$a: NanoCore 0x5258f:$a: NanoCore 0x5260b:$a: NanoCore 0x52c24:$a: NanoCore 0x52d6d:$a: NanoCore 0x53241:$a: NanoCore 0x53528:$a: NanoCore 0x5353f:$a: NanoCore 0x5c3e7:$a: NanoCore 0x5c463:$a: NanoCore 0x5ed46:$a: NanoCore 0x64315:$a: NanoCore 0x6438f:$a: NanoCore
0000000C.00000002.484912246.0000000006890000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x39eb:$x1: NanoCore.ClientPluginHost 0x3a24:$x2: IClientNetworkHost
0000000C.00000002.484912246.0000000006890000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x39eb:$x2: NanoCore.ClientPluginHost 0x3b36:$s4: PipeCreated 0x3a05:$s5: IClientLoggingHost
0000000C.00000002.484650289.00000000067B0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost
0000000C.00000002.484650289.00000000067B0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4bbb:$x2: NanoCore.ClientPluginHost 0x6a6b:$s4: PipeCreated
0000000C.00000003.462233359.0000000004945000.00000004.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x5c6f:$a: NanoCore 0x5c94:$a: NanoCore 0x5ced:$a: NanoCore 0x15e8c:$a: NanoCore 0x15eb2:$a: NanoCore 0x15f0e:$a: NanoCore 0x22d65:$a: NanoCore 0x22dbe:$a: NanoCore 0x22df1:$a: NanoCore 0x2301d:$a: NanoCore 0x23099:$a: NanoCore 0x236b2:$a: NanoCore 0x237fb:$a: NanoCore 0x23ccf:$a: NanoCore 0x23fb6:$a: NanoCore 0x23fcd:$a: NanoCore 0x2ce71:$a: NanoCore 0x2ceed:$a: NanoCore 0x2f7d0:$a: NanoCore 0x34d99:$a: NanoCore 0x34e13:$a: NanoCore
0000000C.00000002.484681647.00000000067C0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost
0000000C.00000002.484681647.00000000067C0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0xe576:$s4: PipeCreated 0x8bbf:$s5: IClientLoggingHost
0000000C.00000002.482083953.000000000466E000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.484707713.00000000067E0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost
0000000C.00000002.484707713.00000000067E0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0x1800:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost
00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
0000000C.00000002.484868495.0000000006870000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost
0000000C.00000002.484868495.0000000006870000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x13a8:$x2: NanoCore.ClientPluginHost 0x1486:$s4: PipeCreated 0x13c2:$s5: IClientLoggingHost
0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xff8d:$x1: NanoCore.ClientPluginHost 0xffca:$x2: IClientNetworkHost 0x13afd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfcf5:$a: NanoCore 0xfd05:$a: NanoCore 0xff39:$a: NanoCore 0xff4d:$a: NanoCore 0xff8d:$a: NanoCore 0xfd54:$b: ClientPlugin 0xff56:$b: ClientPlugin 0xff96:$b: ClientPlugin 0xfe7b:$c: ProjectData 0x10882:$d: DESCrypto 0x1824e:$e: KeepAlive 0x1623c:$g: LogClientMessage 0x12437:$i: get_Connected 0x10bb8:$j: #=q 0x10be8:$j: #=q 0x10c04:$j: #=q 0x10c34:$j: #=q 0x10c50:$j: #=q 0x10c6c:$j: #=q 0x10c9c:$j: #=q 0x10cb8:$j: #=q
0000000C.00000002.484846998.0000000006860000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2205:$x1: NanoCore.ClientPluginHost 0x223e:$x2: IClientNetworkHost
0000000C.00000002.484846998.0000000006860000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2205:$x2: NanoCore.ClientPluginHost 0x2320:$s4: PipeCreated 0x221f:$s5: IClientLoggingHost
0000000C.00000002.485000098.00000000068D0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x350b:$x1: NanoCore.ClientPluginHost 0x3525:$x2: IClientNetworkHost
0000000C.00000002.485000098.00000000068D0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x350b:$x2: NanoCore.ClientPluginHost 0x52b6:$s4: PipeCreated 0x34f8:$s5: IClientLoggingHost
0000000C.00000002.485021734.00000000068E0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5fee:$x1: NanoCore.ClientPluginHost 0x602b:$x2: IClientNetworkHost
0000000C.00000002.485021734.00000000068E0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5fee:$x2: NanoCore.ClientPluginHost 0x9441:$s4: PipeCreated 0x6018:$s5: IClientLoggingHost
0000000C.00000002.484030724.0000000005C20000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
0000000C.00000002.484030724.0000000005C20000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: wDIaJji4Vv.exe PID: 2788	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4dd4f:$x1: NanoCore.ClientPluginHost 0x6c6df:$x1: NanoCore.ClientPluginHost 0x4ddb0:$x2: IClientNetworkHost 0x6c740:$x2: IClientNetworkHost 0x531b5:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x61127:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x71b45:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x7fab7:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
Process Memory Space: wDIaJji4Vv.exe PID: 2788	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: wDIaJji4Vv.exe PID: 2788	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: wDIaJji4Vv.exe PID: 2788	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4d854:$a: NanoCore 0x4d870:$a: NanoCore 0x4d9cb:$a: NanoCore 0x4d9da:$a: NanoCore 0x4dcb3:$a: NanoCore 0x4dcdf:$a: NanoCore 0x4dd4f:$a: NanoCore 0x5d791:$a: NanoCore 0x5d7a3:$a: NanoCore 0x5d7df:$a: NanoCore 0x6c1e4:$a: NanoCore 0x6c200:$a: NanoCore 0x6c35b:$a: NanoCore 0x6c36a:$a: NanoCore 0x6c643:$a: NanoCore 0x6c66f:$a: NanoCore 0x6c6df:$a: NanoCore 0x7c121:$a: NanoCore 0x7c133:$a: NanoCore 0x7c16f:$a: NanoCore 0x4d8fb:$b: ClientPlugin
Process Memory Space: RegSvcs.exe PID: 6228	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x24310:$x1: NanoCore.ClientPluginHost 0x415b6:$x1: NanoCore.ClientPluginHost 0x688d8:$x1: NanoCore.ClientPluginHost 0x731f2:$x1: NanoCore.ClientPluginHost 0x85d6d:$x1: NanoCore.ClientPluginHost 0x88757:$x1: NanoCore.ClientPluginHost 0x8bbac:$x1: NanoCore.ClientPluginHost 0x8e797:$x1: NanoCore.ClientPluginHost 0x9593b:$x1: NanoCore.ClientPluginHost 0x9a796:$x1: NanoCore.ClientPluginHost 0xa6f70:$x1: NanoCore.ClientPluginHost 0xc2910:$x1: NanoCore.ClientPluginHost 0xd12cb:$x1: NanoCore.ClientPluginHost 0x1008ba:$x1: NanoCore.ClientPluginHost 0x12b98c:$x1: NanoCore.ClientPluginHost 0x1f5996:$x1: NanoCore.ClientPluginHost 0x2002b5:$x1: NanoCore.ClientPluginHost 0x212e37:$x1: NanoCore.ClientPluginHost 0x215e8d:$x1: NanoCore.ClientPluginHost 0x21b248:$x1: NanoCore.ClientPluginHost 0x21e6a4:$x1: NanoCore.ClientPluginHost
Process Memory Space: RegSvcs.exe PID: 6228	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
Process Memory Space: RegSvcs.exe PID: 6228	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x208e0:$a: NanoCore 0x20905:$a: NanoCore 0x20973:$a: NanoCore 0x24310:$a: NanoCore 0x244ae:$a: NanoCore 0x25e68:$a: NanoCore 0x27a85:$a: NanoCore 0x27b60:$a: NanoCore 0x288d2:$a: NanoCore 0x2c191:$a: NanoCore 0x2c1b6:$a: NanoCore 0x2c224:$a: NanoCore 0x415b6:$a: NanoCore 0x41692:$a: NanoCore 0x43cfe:$a: NanoCore 0x43d72:$a: NanoCore 0x45acc:$a: NanoCore 0x6889b:$a: NanoCore 0x688d8:$a: NanoCore 0x68961:$a: NanoCore 0x6dcf9:$a: NanoCore
Click to see the 42 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
12.2.RegSvcs.exe.68b0000.28.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3d99:$x1: NanoCore.ClientPluginHost 0x3db3:$x2: IClientNetworkHost
12.2.RegSvcs.exe.68b0000.28.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3d99:$x2: NanoCore.ClientPluginHost 0x4dce:$s4: PipeCreated 0x3d86:$s5: IClientLoggingHost
12.2.RegSvcs.exe.67c0000.21.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
12.2.RegSvcs.exe.67c0000.21.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
12.3.RegSvcs.exe.4a2a9ed.2.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x605:$x1: NanoCore.ClientPluginHost 0x3bd6:$x1: NanoCore.ClientPluginHost 0x63e:$x2: IClientNetworkHost
12.3.RegSvcs.exe.4a2a9ed.2.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x605:$x2: NanoCore.ClientPluginHost 0x3bd6:$x2: NanoCore.ClientPluginHost 0x720:$s4: PipeCreated 0x3cb4:$s4: PipeCreated 0x61f:$s5: IClientLoggingHost 0x3bf0:$s5: IClientLoggingHost
12.2.RegSvcs.exe.400000.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
12.2.RegSvcs.exe.400000.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x1266b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost
12.2.RegSvcs.exe.400000.0.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.RegSvcs.exe.400000.0.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x1007b:$c: ProjectData 0x10a82:$d: DESCrypto 0x1844e:$e: KeepAlive 0x1643c:$g: LogClientMessage 0x12637:$i: get_Connected 0x10db8:$j: #=q 0x10de8:$j: #=q 0x10e04:$j: #=q 0x10e34:$j: #=q 0x10e50:$j: #=q 0x10e6c:$j: #=q 0x10e9c:$j: #=q 0x10eb8:$j: #=q
12.2.RegSvcs.exe.5c20000.16.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
12.2.RegSvcs.exe.5c20000.16.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
12.3.RegSvcs.exe.4a10996.0.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
12.3.RegSvcs.exe.4a10996.0.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6890000.27.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x39eb:$x1: NanoCore.ClientPluginHost 0x3a24:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6890000.27.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x39eb:$x2: NanoCore.ClientPluginHost 0x3b36:$s4: PipeCreated 0x3a05:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6880000.26.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x59eb:$x1: NanoCore.ClientPluginHost 0x5b48:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6880000.26.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x59eb:$x2: NanoCore.ClientPluginHost 0x6941:$s3: PipeExists 0x5be1:$s4: PipeCreated 0x5a05:$s5: IClientLoggingHost
12.2.RegSvcs.exe.68d0000.29.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x170b:$x1: NanoCore.ClientPluginHost 0x1725:$x2: IClientNetworkHost
12.2.RegSvcs.exe.68d0000.29.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x170b:$x2: NanoCore.ClientPluginHost 0x34b6:$s4: PipeCreated 0x16f8:$s5: IClientLoggingHost
12.2.RegSvcs.exe.477db96.10.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3d99:$x1: NanoCore.ClientPluginHost 0x3db3:$x2: IClientNetworkHost
12.2.RegSvcs.exe.477db96.10.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3d99:$x2: NanoCore.ClientPluginHost 0x4dce:$s4: PipeCreated 0x3d86:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6840000.23.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3f0b:$x1: NanoCore.ClientPluginHost 0x3f44:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6840000.23.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3f0b:$x2: NanoCore.ClientPluginHost 0x400f:$s4: PipeCreated 0x3f25:$s5: IClientLoggingHost
12.2.RegSvcs.exe.4617df0.7.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1d3db:$x1: NanoCore.ClientPluginHost 0x1d3f5:$x2: IClientNetworkHost
12.2.RegSvcs.exe.4617df0.7.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1d3db:$x2: NanoCore.ClientPluginHost 0x20718:$s4: PipeCreated 0x1d3c8:$s5: IClientLoggingHost
12.2.RegSvcs.exe.5ec0000.18.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
12.2.RegSvcs.exe.5ec0000.18.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
12.2.RegSvcs.exe.5ec0000.18.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.wDIaJji4Vv.exe.435a108.4.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe38d:$x1: NanoCore.ClientPluginHost 0xe3ca:$x2: IClientNetworkHost 0x11efd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.wDIaJji4Vv.exe.435a108.4.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe105:$x1: NanoCore Client.exe 0xe38d:$x2: NanoCore.ClientPluginHost 0xf9c6:$s1: PluginCommand 0xf9ba:$s2: FileCommand 0x1086b:$s3: PipeExists 0x16622:$s4: PipeCreated 0xe3b7:$s5: IClientLoggingHost
0.2.wDIaJji4Vv.exe.435a108.4.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.wDIaJji4Vv.exe.435a108.4.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xe0f5:$a: NanoCore 0xe105:$a: NanoCore 0xe339:$a: NanoCore 0xe34d:$a: NanoCore 0xe38d:$a: NanoCore 0xe154:$b: ClientPlugin 0xe356:$b: ClientPlugin 0xe396:$b: ClientPlugin 0xe27b:$c: ProjectData 0xec82:$d: DESCrypto 0x1664e:$e: KeepAlive 0x1463c:$g: LogClientMessage 0x10837:$i: get_Connected 0xefb8:$j: #=q 0xefe8:$j: #=q 0xf004:$j: #=q 0xf034:$j: #=q 0xf050:$j: #=q 0xf06c:$j: #=q 0xf09c:$j: #=q 0xf0b8:$j: #=q
12.2.RegSvcs.exe.4676f00.9.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xf7ad:$x1: NanoCore.ClientPluginHost 0xf7da:$x2: IClientNetworkHost
12.2.RegSvcs.exe.4676f00.9.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xf7ad:$x2: NanoCore.ClientPluginHost 0x10888:$s4: PipeCreated 0xf7c7:$s5: IClientLoggingHost
12.2.RegSvcs.exe.4676f00.9.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.RegSvcs.exe.6870000.25.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x13a8:$x1: NanoCore.ClientPluginHost
12.2.RegSvcs.exe.6870000.25.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x13a8:$x2: NanoCore.ClientPluginHost 0x1486:$s4: PipeCreated 0x13c2:$s5: IClientLoggingHost
0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x107e3d:$x1: NanoCore.ClientPluginHost 0x13a65d:$x1: NanoCore.ClientPluginHost 0x107e7a:$x2: IClientNetworkHost 0x13a69a:$x2: IClientNetworkHost 0x10b9ad:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x13e1cd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x107ba5:$a: NanoCore 0x107bb5:$a: NanoCore 0x107de9:$a: NanoCore 0x107dfd:$a: NanoCore 0x107e3d:$a: NanoCore 0x13a3c5:$a: NanoCore 0x13a3d5:$a: NanoCore 0x13a609:$a: NanoCore 0x13a61d:$a: NanoCore 0x13a65d:$a: NanoCore 0x107c04:$b: ClientPlugin 0x107e06:$b: ClientPlugin 0x107e46:$b: ClientPlugin 0x13a424:$b: ClientPlugin 0x13a626:$b: ClientPlugin 0x13a666:$b: ClientPlugin 0x22f36:$c: ProjectData 0x107d2b:$c: ProjectData 0x13a54b:$c: ProjectData 0x108732:$d: DESCrypto 0x13af52:$d: DESCrypto
12.2.RegSvcs.exe.3694638.3.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2dbb:$x1: NanoCore.ClientPluginHost 0x2de5:$x2: IClientNetworkHost
12.2.RegSvcs.exe.3694638.3.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2dbb:$x2: NanoCore.ClientPluginHost 0x4c6b:$s4: PipeCreated
12.2.RegSvcs.exe.36a0878.2.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x6da5:$x1: NanoCore.ClientPluginHost 0x6dd2:$x2: IClientNetworkHost
12.2.RegSvcs.exe.36a0878.2.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x6da5:$x2: NanoCore.ClientPluginHost 0x7d74:$s2: FileCommand 0xc776:$s4: PipeCreated 0x6dbf:$s5: IClientLoggingHost
12.2.RegSvcs.exe.5ec0000.18.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
12.2.RegSvcs.exe.5ec0000.18.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
12.2.RegSvcs.exe.5ec0000.18.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.RegSvcs.exe.480ab3a.11.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x2e61b:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost 0x2e658:$x2: IClientNetworkHost
12.2.RegSvcs.exe.480ab3a.11.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x2e61b:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x31a6e:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost 0x2e645:$s5: IClientLoggingHost
12.2.RegSvcs.exe.68e0000.30.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x41ee:$x1: NanoCore.ClientPluginHost 0x422b:$x2: IClientNetworkHost
12.2.RegSvcs.exe.68e0000.30.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x41ee:$x2: NanoCore.ClientPluginHost 0x7641:$s4: PipeCreated 0x4218:$s5: IClientLoggingHost
12.2.RegSvcs.exe.68d0000.29.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x350b:$x1: NanoCore.ClientPluginHost 0x3525:$x2: IClientNetworkHost
12.2.RegSvcs.exe.68d0000.29.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x350b:$x2: NanoCore.ClientPluginHost 0x52b6:$s4: PipeCreated 0x34f8:$s5: IClientLoggingHost
12.2.RegSvcs.exe.480f7d9.12.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a53c:$x1: NanoCore.ClientPluginHost 0x2997c:$x1: NanoCore.ClientPluginHost 0x1a556:$x2: IClientNetworkHost 0x299b9:$x2: IClientNetworkHost
12.2.RegSvcs.exe.480f7d9.12.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a53c:$x2: NanoCore.ClientPluginHost 0x2997c:$x2: NanoCore.ClientPluginHost 0x1d879:$s4: PipeCreated 0x2cdcf:$s4: PipeCreated 0x1a529:$s5: IClientLoggingHost 0x299a6:$s5: IClientLoggingHost
12.2.RegSvcs.exe.467b529.8.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
12.2.RegSvcs.exe.467b529.8.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
12.2.RegSvcs.exe.467b529.8.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.3.RegSvcs.exe.49460d9.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x14dd9:$x1: NanoCore.ClientPluginHost 0x21f44:$x1: NanoCore.ClientPluginHost 0x2bd98:$x1: NanoCore.ClientPluginHost 0x33cc0:$x1: NanoCore.ClientPluginHost 0x39c93:$x1: NanoCore.ClientPluginHost 0x43701:$x1: NanoCore.ClientPluginHost 0x4db2e:$x1: NanoCore.ClientPluginHost 0x58b0d:$x1: NanoCore.ClientPluginHost 0x648b1:$x1: NanoCore.ClientPluginHost 0x897b7:$x1: NanoCore.ClientPluginHost 0x98bf9:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost 0x14e06:$x2: IClientNetworkHost 0x21f7d:$x2: IClientNetworkHost 0x2bdd1:$x2: IClientNetworkHost 0x33cf9:$x2: IClientNetworkHost 0x4385e:$x2: IClientNetworkHost 0x4db67:$x2: IClientNetworkHost 0x58b27:$x2: IClientNetworkHost 0x648cb:$x2: IClientNetworkHost
12.3.RegSvcs.exe.49460d9.5.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4b96:$a: NanoCore 0x4bbb:$a: NanoCore 0x4c14:$a: NanoCore 0x14db3:$a: NanoCore 0x14dd9:$a: NanoCore 0x14e35:$a: NanoCore 0x21c8c:$a: NanoCore 0x21ce5:$a: NanoCore 0x21d18:$a: NanoCore 0x21f44:$a: NanoCore 0x21fc0:$a: NanoCore 0x225d9:$a: NanoCore 0x22722:$a: NanoCore 0x22bf6:$a: NanoCore 0x22edd:$a: NanoCore 0x22ef4:$a: NanoCore 0x2bd98:$a: NanoCore 0x2be14:$a: NanoCore 0x2e6f7:$a: NanoCore 0x33cc0:$a: NanoCore 0x33d3a:$a: NanoCore
0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x167c5d:$x1: NanoCore.ClientPluginHost 0x19a47d:$x1: NanoCore.ClientPluginHost 0x167c9a:$x2: IClientNetworkHost 0x19a4ba:$x2: IClientNetworkHost 0x16b7cd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x19dfed:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x1679c5:$a: NanoCore 0x1679d5:$a: NanoCore 0x167c09:$a: NanoCore 0x167c1d:$a: NanoCore 0x167c5d:$a: NanoCore 0x19a1e5:$a: NanoCore 0x19a1f5:$a: NanoCore 0x19a429:$a: NanoCore 0x19a43d:$a: NanoCore 0x19a47d:$a: NanoCore 0x167a24:$b: ClientPlugin 0x167c26:$b: ClientPlugin 0x167c66:$b: ClientPlugin 0x19a244:$b: ClientPlugin 0x19a446:$b: ClientPlugin 0x19a486:$b: ClientPlugin 0x22f36:$c: ProjectData 0x82d56:$c: ProjectData 0x167b4b:$c: ProjectData 0x19a36b:$c: ProjectData 0x168552:$d: DESCrypto
0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1018d:$x1: NanoCore.ClientPluginHost 0x429ad:$x1: NanoCore.ClientPluginHost 0x101ca:$x2: IClientNetworkHost 0x429ea:$x2: IClientNetworkHost 0x13cfd:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe 0x4651d:$x3: #=qjgz7ljmpp0J7FvL9dmi8ctJILdgtcbw8JYUc6GC8MeJ9B11Crfg2Djxcf0p8PZGe
0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xff05:$x1: NanoCore Client.exe 0x42725:$x1: NanoCore Client.exe 0x1018d:$x2: NanoCore.ClientPluginHost 0x429ad:$x2: NanoCore.ClientPluginHost 0x117c6:$s1: PluginCommand 0x43fe6:$s1: PluginCommand 0x117ba:$s2: FileCommand 0x43fda:$s2: FileCommand 0x1266b:$s3: PipeExists 0x44e8b:$s3: PipeExists 0x18422:$s4: PipeCreated 0x4ac42:$s4: PipeCreated 0x101b7:$s5: IClientLoggingHost 0x429d7:$s5: IClientLoggingHost
0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0xfef5:$a: NanoCore 0xff05:$a: NanoCore 0x10139:$a: NanoCore 0x1014d:$a: NanoCore 0x1018d:$a: NanoCore 0x42715:$a: NanoCore 0x42725:$a: NanoCore 0x42959:$a: NanoCore 0x4296d:$a: NanoCore 0x429ad:$a: NanoCore 0xff54:$b: ClientPlugin 0x10156:$b: ClientPlugin 0x10196:$b: ClientPlugin 0x42774:$b: ClientPlugin 0x42976:$b: ClientPlugin 0x429b6:$b: ClientPlugin 0x1007b:$c: ProjectData 0x4289b:$c: ProjectData 0x10a82:$d: DESCrypto 0x432a2:$d: DESCrypto 0x1844e:$e: KeepAlive
12.2.RegSvcs.exe.6d4e8a4.33.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x10937:$x1: NanoCore.ClientPluginHost 0x10951:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6d4e8a4.33.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x10937:$x2: NanoCore.ClientPluginHost 0x13c74:$s4: PipeCreated 0x10924:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6890000.27.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1deb:$x1: NanoCore.ClientPluginHost 0x1e24:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6890000.27.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1deb:$x2: NanoCore.ClientPluginHost 0x1f36:$s4: PipeCreated 0x1e05:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6d40000.32.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1d3db:$x1: NanoCore.ClientPluginHost 0x1d3f5:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6d40000.32.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1d3db:$x2: NanoCore.ClientPluginHost 0x20718:$s4: PipeCreated 0x1d3c8:$s5: IClientLoggingHost
12.2.RegSvcs.exe.4676f00.9.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xd9ad:$x1: NanoCore.ClientPluginHost 0xd9da:$x2: IClientNetworkHost
12.2.RegSvcs.exe.4676f00.9.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xd9ad:$x2: NanoCore.ClientPluginHost 0xea88:$s4: PipeCreated 0xd9c7:$s5: IClientLoggingHost
12.2.RegSvcs.exe.4676f00.9.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.RegSvcs.exe.461ca8f.6.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a53c:$x1: NanoCore.ClientPluginHost 0x1a556:$x2: IClientNetworkHost
12.2.RegSvcs.exe.461ca8f.6.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a53c:$x2: NanoCore.ClientPluginHost 0x1d879:$s4: PipeCreated 0x1a529:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6d44c9f.34.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1a53c:$x1: NanoCore.ClientPluginHost 0x1a556:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6d44c9f.34.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1a53c:$x2: NanoCore.ClientPluginHost 0x1d879:$s4: PipeCreated 0x1a529:$s5: IClientLoggingHost
12.2.RegSvcs.exe.4626694.5.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x10937:$x1: NanoCore.ClientPluginHost 0x10951:$x2: IClientNetworkHost
12.2.RegSvcs.exe.4626694.5.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x10937:$x2: NanoCore.ClientPluginHost 0x13c74:$s4: PipeCreated 0x10924:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6860000.24.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2205:$x1: NanoCore.ClientPluginHost 0x223e:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6860000.24.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2205:$x2: NanoCore.ClientPluginHost 0x2320:$s4: PipeCreated 0x221f:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6880000.26.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x3deb:$x1: NanoCore.ClientPluginHost 0x3f48:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6880000.26.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x3deb:$x2: NanoCore.ClientPluginHost 0x4d41:$s3: PipeExists 0x3fe1:$s4: PipeCreated 0x3e05:$s5: IClientLoggingHost
12.2.RegSvcs.exe.36212fc.1.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xe75:$x1: NanoCore.ClientPluginHost 0xe8f:$x2: IClientNetworkHost
12.2.RegSvcs.exe.36212fc.1.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xe75:$x2: NanoCore.ClientPluginHost 0x1261:$s3: PipeExists 0x1136:$s4: PipeCreated 0xeb0:$s5: IClientLoggingHost
12.2.RegSvcs.exe.67e0000.22.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost
12.2.RegSvcs.exe.67e0000.22.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0x1800:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost
12.2.RegSvcs.exe.477db96.10.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b99:$x1: NanoCore.ClientPluginHost 0x5bb3:$x2: IClientNetworkHost
12.2.RegSvcs.exe.477db96.10.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b99:$x2: NanoCore.ClientPluginHost 0x6bce:$s4: PipeCreated 0x5b86:$s5: IClientLoggingHost
12.2.RegSvcs.exe.67b0000.20.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost
12.2.RegSvcs.exe.67b0000.20.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4bbb:$x2: NanoCore.ClientPluginHost 0x6a6b:$s4: PipeCreated
12.3.RegSvcs.exe.4a2a9ed.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x2205:$a: NanoCore 0x227f:$a: NanoCore 0x6e1c:$a: NanoCore 0x81d6:$a: NanoCore 0x8220:$a: NanoCore 0x8e7a:$a: NanoCore 0x11c42:$a: NanoCore 0x11d2c:$a: NanoCore 0x12ba3:$a: NanoCore 0x1bd4d:$a: NanoCore 0x1bdae:$a: NanoCore 0x1bdf1:$a: NanoCore 0x1be31:$a: NanoCore 0x1c06d:$a: NanoCore 0x1c10d:$a: NanoCore 0x1c8e5:$a: NanoCore 0x1ced8:$a: NanoCore 0x1d029:$a: NanoCore 0x1de83:$a: NanoCore 0x1e0ea:$a: NanoCore 0x1e0ff:$a: NanoCore
12.2.RegSvcs.exe.6860000.24.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x605:$x1: NanoCore.ClientPluginHost 0x63e:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6860000.24.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x605:$x2: NanoCore.ClientPluginHost 0x720:$s4: PipeCreated 0x61f:$s5: IClientLoggingHost
12.2.RegSvcs.exe.5ec4629.17.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0xb184:$x1: NanoCore.ClientPluginHost 0xb1b1:$x2: IClientNetworkHost
12.2.RegSvcs.exe.5ec4629.17.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0xb184:$x2: NanoCore.ClientPluginHost 0xc25f:$s4: PipeCreated 0xb19e:$s5: IClientLoggingHost
12.2.RegSvcs.exe.5ec4629.17.raw.unpack	JoeSecurity_Nanocore	Yara detected Nanocore RAT	Joe Security
12.2.RegSvcs.exe.480ab3a.11.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1d3db:$x1: NanoCore.ClientPluginHost 0x1d3f5:$x2: IClientNetworkHost
12.2.RegSvcs.exe.480ab3a.11.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1d3db:$x2: NanoCore.ClientPluginHost 0x20718:$s4: PipeCreated 0x1d3c8:$s5: IClientLoggingHost
12.2.RegSvcs.exe.67b0000.20.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x2dbb:$x1: NanoCore.ClientPluginHost 0x2de5:$x2: IClientNetworkHost
12.2.RegSvcs.exe.67b0000.20.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x2dbb:$x2: NanoCore.ClientPluginHost 0x4c6b:$s4: PipeCreated
0.2.wDIaJji4Vv.exe.3199378.1.raw.unpack	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
12.2.RegSvcs.exe.68b0000.28.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b99:$x1: NanoCore.ClientPluginHost 0x5bb3:$x2: IClientNetworkHost
12.2.RegSvcs.exe.68b0000.28.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b99:$x2: NanoCore.ClientPluginHost 0x6bce:$s4: PipeCreated 0x5b86:$s5: IClientLoggingHost
12.2.RegSvcs.exe.4617df0.7.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost
12.2.RegSvcs.exe.4617df0.7.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost
12.2.RegSvcs.exe.4801906.13.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x170b:$x1: NanoCore.ClientPluginHost 0x1725:$x2: IClientNetworkHost
12.2.RegSvcs.exe.4801906.13.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x170b:$x2: NanoCore.ClientPluginHost 0x34b6:$s4: PipeCreated 0x16f8:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6840000.23.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5b0b:$x1: NanoCore.ClientPluginHost 0x5b44:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6840000.23.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5b0b:$x2: NanoCore.ClientPluginHost 0x5c0f:$s4: PipeCreated 0x5b25:$s5: IClientLoggingHost
12.2.RegSvcs.exe.4801906.13.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x350b:$x1: NanoCore.ClientPluginHost 0x2840f:$x1: NanoCore.ClientPluginHost 0x3784f:$x1: NanoCore.ClientPluginHost 0x3525:$x2: IClientNetworkHost 0x28429:$x2: IClientNetworkHost 0x3788c:$x2: IClientNetworkHost
12.2.RegSvcs.exe.4801906.13.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x350b:$x2: NanoCore.ClientPluginHost 0x2840f:$x2: NanoCore.ClientPluginHost 0x3784f:$x2: NanoCore.ClientPluginHost 0x52b6:$s4: PipeCreated 0x2b74c:$s4: PipeCreated 0x3aca2:$s4: PipeCreated 0x34f8:$s5: IClientLoggingHost 0x283fc:$s5: IClientLoggingHost 0x37879:$s5: IClientLoggingHost
12.2.RegSvcs.exe.67c0000.21.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost
12.2.RegSvcs.exe.67c0000.21.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0xe576:$s4: PipeCreated 0x8bbf:$s5: IClientLoggingHost
12.3.RegSvcs.exe.495230d.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x15d10:$x1: NanoCore.ClientPluginHost 0x1fb64:$x1: NanoCore.ClientPluginHost 0x27a8c:$x1: NanoCore.ClientPluginHost 0x2da5f:$x1: NanoCore.ClientPluginHost 0x374cd:$x1: NanoCore.ClientPluginHost 0x418fa:$x1: NanoCore.ClientPluginHost 0x4c8d9:$x1: NanoCore.ClientPluginHost 0x5867d:$x1: NanoCore.ClientPluginHost 0x7d583:$x1: NanoCore.ClientPluginHost 0x8c9c5:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost 0x15d49:$x2: IClientNetworkHost 0x1fb9d:$x2: IClientNetworkHost 0x27ac5:$x2: IClientNetworkHost 0x3762a:$x2: IClientNetworkHost 0x41933:$x2: IClientNetworkHost 0x4c8f3:$x2: IClientNetworkHost 0x58697:$x2: IClientNetworkHost 0x7d59d:$x2: IClientNetworkHost 0x8ca02:$x2: IClientNetworkHost
12.3.RegSvcs.exe.495230d.3.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15a58:$a: NanoCore 0x15ab1:$a: NanoCore 0x15ae4:$a: NanoCore 0x15d10:$a: NanoCore 0x15d8c:$a: NanoCore 0x163a5:$a: NanoCore 0x164ee:$a: NanoCore 0x169c2:$a: NanoCore 0x16ca9:$a: NanoCore 0x16cc0:$a: NanoCore 0x1fb64:$a: NanoCore 0x1fbe0:$a: NanoCore 0x224c3:$a: NanoCore 0x27a8c:$a: NanoCore 0x27b06:$a: NanoCore 0x2c6a3:$a: NanoCore 0x2da5f:$a: NanoCore 0x2daa9:$a: NanoCore
12.2.RegSvcs.exe.36a0878.2.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x8ba5:$x1: NanoCore.ClientPluginHost 0x15d17:$x1: NanoCore.ClientPluginHost 0x1fb6f:$x1: NanoCore.ClientPluginHost 0x27a9d:$x1: NanoCore.ClientPluginHost 0x2da78:$x1: NanoCore.ClientPluginHost 0x374eb:$x1: NanoCore.ClientPluginHost 0x4191f:$x1: NanoCore.ClientPluginHost 0x4c909:$x1: NanoCore.ClientPluginHost 0x586b7:$x1: NanoCore.ClientPluginHost 0x6440a:$x1: NanoCore.ClientPluginHost 0x8bd2:$x2: IClientNetworkHost 0x15d50:$x2: IClientNetworkHost 0x1fba8:$x2: IClientNetworkHost 0x27ad6:$x2: IClientNetworkHost 0x37648:$x2: IClientNetworkHost 0x41958:$x2: IClientNetworkHost 0x4c923:$x2: IClientNetworkHost 0x586d1:$x2: IClientNetworkHost 0x64447:$x2: IClientNetworkHost
12.2.RegSvcs.exe.36a0878.2.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x8ba5:$x2: NanoCore.ClientPluginHost 0x15d17:$x2: NanoCore.ClientPluginHost 0x1fb6f:$x2: NanoCore.ClientPluginHost 0x27a9d:$x2: NanoCore.ClientPluginHost 0x2da78:$x2: NanoCore.ClientPluginHost 0x374eb:$x2: NanoCore.ClientPluginHost 0x4191f:$x2: NanoCore.ClientPluginHost 0x4c909:$x2: NanoCore.ClientPluginHost 0x586b7:$x2: NanoCore.ClientPluginHost 0x6440a:$x2: NanoCore.ClientPluginHost 0x9b74:$s2: FileCommand 0x38441:$s3: PipeExists 0xe576:$s4: PipeCreated 0x15e34:$s4: PipeCreated 0x1fc73:$s4: PipeCreated 0x27bb8:$s4: PipeCreated 0x2db56:$s4: PipeCreated 0x376e1:$s4: PipeCreated 0x41a6a:$s4: PipeCreated 0x4d93e:$s4: PipeCreated 0x5a462:$s4: PipeCreated
12.2.RegSvcs.exe.36a0878.2.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15a5f:$a: NanoCore 0x15ab8:$a: NanoCore 0x15aeb:$a: NanoCore 0x15d17:$a: NanoCore 0x15d93:$a: NanoCore 0x163ac:$a: NanoCore 0x164f5:$a: NanoCore 0x169c9:$a: NanoCore 0x16cb0:$a: NanoCore 0x16cc7:$a: NanoCore 0x1fb6f:$a: NanoCore 0x1fbeb:$a: NanoCore 0x224ce:$a: NanoCore 0x27a9d:$a: NanoCore 0x27b17:$a: NanoCore 0x2da78:$a: NanoCore 0x2dac2:$a: NanoCore 0x2e71c:$a: NanoCore
12.2.RegSvcs.exe.68e0000.30.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x5fee:$x1: NanoCore.ClientPluginHost 0x602b:$x2: IClientNetworkHost
12.2.RegSvcs.exe.68e0000.30.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x5fee:$x2: NanoCore.ClientPluginHost 0x9441:$s4: PipeCreated 0x6018:$s5: IClientLoggingHost
12.2.RegSvcs.exe.6d40000.32.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x1f1db:$x1: NanoCore.ClientPluginHost 0x1f1f5:$x2: IClientNetworkHost
12.2.RegSvcs.exe.6d40000.32.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x1f1db:$x2: NanoCore.ClientPluginHost 0x22518:$s4: PipeCreated 0x1f1c8:$s5: IClientLoggingHost
12.2.RegSvcs.exe.3694638.3.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x4bbb:$x1: NanoCore.ClientPluginHost 0x14de5:$x1: NanoCore.ClientPluginHost 0x21f57:$x1: NanoCore.ClientPluginHost 0x2bdaf:$x1: NanoCore.ClientPluginHost 0x33cdd:$x1: NanoCore.ClientPluginHost 0x39cb8:$x1: NanoCore.ClientPluginHost 0x4372b:$x1: NanoCore.ClientPluginHost 0x4db5f:$x1: NanoCore.ClientPluginHost 0x58b49:$x1: NanoCore.ClientPluginHost 0x648f7:$x1: NanoCore.ClientPluginHost 0x7064a:$x1: NanoCore.ClientPluginHost 0x4be5:$x2: IClientNetworkHost 0x14e12:$x2: IClientNetworkHost 0x21f90:$x2: IClientNetworkHost 0x2bde8:$x2: IClientNetworkHost 0x33d16:$x2: IClientNetworkHost 0x43888:$x2: IClientNetworkHost 0x4db98:$x2: IClientNetworkHost 0x58b63:$x2: IClientNetworkHost 0x64911:$x2: IClientNetworkHost 0x70687:$x2: IClientNetworkHost
12.2.RegSvcs.exe.3694638.3.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x4bbb:$x2: NanoCore.ClientPluginHost 0x14de5:$x2: NanoCore.ClientPluginHost 0x21f57:$x2: NanoCore.ClientPluginHost 0x2bdaf:$x2: NanoCore.ClientPluginHost 0x33cdd:$x2: NanoCore.ClientPluginHost 0x39cb8:$x2: NanoCore.ClientPluginHost 0x4372b:$x2: NanoCore.ClientPluginHost 0x4db5f:$x2: NanoCore.ClientPluginHost 0x58b49:$x2: NanoCore.ClientPluginHost 0x648f7:$x2: NanoCore.ClientPluginHost 0x7064a:$x2: NanoCore.ClientPluginHost 0x15db4:$s2: FileCommand 0x44681:$s3: PipeExists 0x6a6b:$s4: PipeCreated 0x1a7b6:$s4: PipeCreated 0x22074:$s4: PipeCreated 0x2beb3:$s4: PipeCreated 0x33df8:$s4: PipeCreated 0x39d96:$s4: PipeCreated 0x43921:$s4: PipeCreated 0x4dcaa:$s4: PipeCreated
12.2.RegSvcs.exe.3694638.3.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x4b96:$a: NanoCore 0x4bbb:$a: NanoCore 0x4c14:$a: NanoCore 0x14dbf:$a: NanoCore 0x14de5:$a: NanoCore 0x14e41:$a: NanoCore 0x21c9f:$a: NanoCore 0x21cf8:$a: NanoCore 0x21d2b:$a: NanoCore 0x21f57:$a: NanoCore 0x21fd3:$a: NanoCore 0x225ec:$a: NanoCore 0x22735:$a: NanoCore 0x22c09:$a: NanoCore 0x22ef0:$a: NanoCore 0x22f07:$a: NanoCore 0x2bdaf:$a: NanoCore 0x2be2b:$a: NanoCore 0x2e70e:$a: NanoCore 0x33cdd:$a: NanoCore 0x33d57:$a: NanoCore
12.2.RegSvcs.exe.36b4eac.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0xb53b:$x1: NanoCore.ClientPluginHost 0x13469:$x1: NanoCore.ClientPluginHost 0x19444:$x1: NanoCore.ClientPluginHost 0x22eb7:$x1: NanoCore.ClientPluginHost 0x2d2eb:$x1: NanoCore.ClientPluginHost 0x382d5:$x1: NanoCore.ClientPluginHost 0x44083:$x1: NanoCore.ClientPluginHost 0x4fdd6:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost 0xb574:$x2: IClientNetworkHost 0x134a2:$x2: IClientNetworkHost 0x23014:$x2: IClientNetworkHost 0x2d324:$x2: IClientNetworkHost 0x382ef:$x2: IClientNetworkHost 0x4409d:$x2: IClientNetworkHost 0x4fe13:$x2: IClientNetworkHost
12.2.RegSvcs.exe.36b4eac.4.raw.unpack	Nanocore_RAT_Feb18_1	Detects Nanocore RAT	Florian Roth	0x16e3:$x2: NanoCore.ClientPluginHost 0xb53b:$x2: NanoCore.ClientPluginHost 0x13469:$x2: NanoCore.ClientPluginHost 0x19444:$x2: NanoCore.ClientPluginHost 0x22eb7:$x2: NanoCore.ClientPluginHost 0x2d2eb:$x2: NanoCore.ClientPluginHost 0x382d5:$x2: NanoCore.ClientPluginHost 0x44083:$x2: NanoCore.ClientPluginHost 0x4fdd6:$x2: NanoCore.ClientPluginHost 0x23e0d:$s3: PipeExists 0x1800:$s4: PipeCreated 0xb63f:$s4: PipeCreated 0x13584:$s4: PipeCreated 0x19522:$s4: PipeCreated 0x230ad:$s4: PipeCreated 0x2d436:$s4: PipeCreated 0x3930a:$s4: PipeCreated 0x45e2e:$s4: PipeCreated 0x53229:$s4: PipeCreated 0x16fd:$s5: IClientLoggingHost 0xb555:$s5: IClientLoggingHost
12.2.RegSvcs.exe.36b4eac.4.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x142b:$a: NanoCore 0x1484:$a: NanoCore 0x14b7:$a: NanoCore 0x16e3:$a: NanoCore 0x175f:$a: NanoCore 0x1d78:$a: NanoCore 0x1ec1:$a: NanoCore 0x2395:$a: NanoCore 0x267c:$a: NanoCore 0x2693:$a: NanoCore 0xb53b:$a: NanoCore 0xb5b7:$a: NanoCore 0xde9a:$a: NanoCore 0x13469:$a: NanoCore 0x134e3:$a: NanoCore 0x19444:$a: NanoCore 0x1948e:$a: NanoCore 0x1a0e8:$a: NanoCore 0x22eb7:$a: NanoCore 0x22fa1:$a: NanoCore 0x23e18:$a: NanoCore
12.3.RegSvcs.exe.496693a.4.raw.unpack	Nanocore_RAT_Gen_2	Detetcs the Nanocore RAT	Florian Roth	0x16e3:$x1: NanoCore.ClientPluginHost 0xb537:$x1: NanoCore.ClientPluginHost 0x1345f:$x1: NanoCore.ClientPluginHost 0x19432:$x1: NanoCore.ClientPluginHost 0x22ea0:$x1: NanoCore.ClientPluginHost 0x2d2cd:$x1: NanoCore.ClientPluginHost 0x382ac:$x1: NanoCore.ClientPluginHost 0x44050:$x1: NanoCore.ClientPluginHost 0x68f56:$x1: NanoCore.ClientPluginHost 0x78398:$x1: NanoCore.ClientPluginHost 0x171c:$x2: IClientNetworkHost 0xb570:$x2: IClientNetworkHost 0x13498:$x2: IClientNetworkHost 0x22ffd:$x2: IClientNetworkHost 0x2d306:$x2: IClientNetworkHost 0x382c6:$x2: IClientNetworkHost 0x4406a:$x2: IClientNetworkHost 0x68f70:$x2: IClientNetworkHost 0x783d5:$x2: IClientNetworkHost
12.3.RegSvcs.exe.496693a.4.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x142b:$a: NanoCore 0x1484:$a: NanoCore 0x14b7:$a: NanoCore 0x16e3:$a: NanoCore 0x175f:$a: NanoCore 0x1d78:$a: NanoCore 0x1ec1:$a: NanoCore 0x2395:$a: NanoCore 0x267c:$a: NanoCore 0x2693:$a: NanoCore 0xb537:$a: NanoCore 0xb5b3:$a: NanoCore 0xde96:$a: NanoCore 0x1345f:$a: NanoCore 0x134d9:$a: NanoCore 0x18076:$a: NanoCore 0x19432:$a: NanoCore 0x1947c:$a: NanoCore 0x1a0d6:$a: NanoCore 0x22ea0:$a: NanoCore 0x22f8a:$a: NanoCore
12.3.RegSvcs.exe.4a24fc1.1.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x142b:$a: NanoCore 0x1484:$a: NanoCore 0x14b7:$a: NanoCore 0x16e3:$a: NanoCore 0x175f:$a: NanoCore 0x1d78:$a: NanoCore 0x1ec1:$a: NanoCore 0x2395:$a: NanoCore 0x267c:$a: NanoCore 0x2693:$a: NanoCore 0x7c31:$a: NanoCore 0x7cab:$a: NanoCore 0xc848:$a: NanoCore 0xdc02:$a: NanoCore 0xdc4c:$a: NanoCore 0xe8a6:$a: NanoCore 0x1766e:$a: NanoCore 0x17758:$a: NanoCore 0x185cf:$a: NanoCore 0x21779:$a: NanoCore 0x217da:$a: NanoCore
12.3.RegSvcs.exe.4a10996.0.raw.unpack	NanoCore	unknown	Kevin Breen <kevin@techanarchy.net>	0x8b7f:$a: NanoCore 0x8ba5:$a: NanoCore 0x8c01:$a: NanoCore 0x15a56:$a: NanoCore 0x15aaf:$a: NanoCore 0x15ae2:$a: NanoCore 0x15d0e:$a: NanoCore 0x15d8a:$a: NanoCore 0x163a3:$a: NanoCore 0x164ec:$a: NanoCore 0x169c0:$a: NanoCore 0x16ca7:$a: NanoCore 0x16cbe:$a: NanoCore 0x1c25c:$a: NanoCore 0x1c2d6:$a: NanoCore 0x20e73:$a: NanoCore 0x2222d:$a: NanoCore 0x22277:$a: NanoCore 0x22ed1:$a: NanoCore 0x2bc99:$a: NanoCore 0x2bd83:$a: NanoCore
Click to see the 132 entries

Sigma Overview

System Summary:

Sigma detected: NanoCore

Show sources

Source: File created

Author: Joe Security: Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe, ProcessId: 6228, TargetFilename: C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat

Sigma detected: Scheduled temp file as task from temp location

Show sources

Source: Process started

Author: Joe Security: Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: 'C:\Users\user\Desktop\wDIaJji4Vv.exe' , ParentImage: C:\Users\user\Desktop\wDIaJji4Vv.exe, ParentProcessId: 2788, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp', ProcessId: 3120

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0000000C.00000002.482083953.000000000466E000.00000004.00000001.sdmp

Malware Configuration Extractor: NanoCore {"Version": "1.2.2.0", "Mutex": "282cf72b-8a92-4c1b-b768-b591a1e0", "Group": "jobo", "Domain1": "james12.ddns.net", "Domain2": "127.0.0.1", "Port": 6060, "KeyboardLogging": "Enable", "RunOnStartup": "Enable", "RequestElevation": "Disable", "BypassUAC": "Disable", "ClearZoneIdentifier": "Enable", "ClearAccessControl": "Disable", "SetCriticalProcess": "Disable", "PreventSystemSleep": "Enable", "ActivateAwayMode": "Disable", "EnableDebugMode": "Disable", "RunDelay": 0, "ConnectDelay": 4000, "RestartDelay": 5000, "TimeoutInterval": 5000, "KeepAliveTimeout": 30000, "MutexTimeout": 5000, "LanTimeout": 2500, "WanTimeout": 8000, "BufferSize": "ffff0000", "MaxPacketSize": "0000a000", "GCThreshold": "0000a000", "UseCustomDNS": "Enable", "PrimaryDNSServer": "", "BackupDNSServer": ""}

Multi AV Scanner detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe

ReversingLabs: Detection: 25%

Multi AV Scanner detection for submitted file

Show sources

Source: wDIaJji4Vv.exe	Virustotal: Detection: 60%			Perma Link
Source: wDIaJji4Vv.exe	ReversingLabs: Detection: 25%

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.482083953.000000000466E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6228, type: MEMORY
Source: Yara match	File source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec0000.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.4676f00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec0000.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.467b529.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.4676f00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec4629.17.raw.unpack, type: UNPACKEDPE

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Show sources

Source: wDIaJji4Vv.exe

Joe Sandbox ML: detected

Source: 12.2.RegSvcs.exe.400000.0.unpack	Avira: Label: TR/Dropper.MSIL.Gen7
Source: 12.2.RegSvcs.exe.5ec0000.18.unpack	Avira: Label: TR/NanoCore.fadte
Source: 12.2.RegSvcs.exe.4676f00.9.unpack	Avira: Label: TR/NanoCore.fadte

Source: wDIaJji4Vv.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: wDIaJji4Vv.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb_RO source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: System.pdbL source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: RegSvcs.exe, 0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp
Source:	Binary string: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.pdb source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: System.EnterpriseServices.Wrapper.pdb source: dhcpmon.exe, 0000000E.00000002.253699119.0000000004FA0000.00000002.00000001.sdmp
Source:	Binary string: C:\Windows\dll\System.pdbws source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: indows\System.pdbpdbtem.pdbE= source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: indows\RegSvcs.pdbpdbvcs.pdb source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: RegSvcs.pdb source: dhcpmon.exe, dhcpmon.exe.12.dr
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: RegSvcs.exe, 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp
Source:	Binary string: System.pdbX source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: mscorrc.pdb source: wDIaJji4Vv.exe, 00000000.00000002.224866978.00000000053A0000.00000002.00000001.sdmp, RegSvcs.exe, 0000000C.00000002.483961085.0000000005BC0000.00000002.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 4x nop then add dword ptr [ebp-04h], 01h	0_2_05330C48
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 4x nop then mov dword ptr [ebp-1Ch], 00000000h	0_2_0533C9C8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	12_2_06B381F6
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 4x nop then lea esp, dword ptr [ebp-0Ch]	12_2_06B381F8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 4x nop then mov esp, ebp	12_2_06B34370

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49715 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49721 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49722 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49725 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49729 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49730 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49732 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49734 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49735 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49743 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49753 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49754 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49755 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49756 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49759 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49760 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49761 -> 79.134.225.7:6060
Source: Traffic	Snort IDS: 2025019 ET TROJAN Possible NanoCore C2 60B 192.168.2.3:49762 -> 79.134.225.7:6060

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	URLs: james12.ddns.net
Source: Malware configuration extractor	URLs: 127.0.0.1

Uses dynamic DNS services

Show sources

Source: unknown

DNS query: name: james12.ddns.net

Source: global traffic

TCP traffic: 192.168.2.3:49715 -> 79.134.225.7:6060

Source: Joe Sandbox View

IP Address: 79.134.225.7 79.134.225.7

Source: Joe Sandbox View

ASN Name: FINK-TELECOM-SERVICESCH FINK-TELECOM-SERVICESCH

Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174
Source: unknown	UDP traffic detected without corresponding DNS query: 37.235.1.174

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Code function: 12_2_058A2AE6 WSARecv,

12_2_058A2AE6

Source: unknown

DNS traffic detected: queries for: james12.ddns.net

Source: powershell.exe, 00000007.00000003.220596810.00000000032B3000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: RegSvcs.exe, 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp	String found in binary or memory: http://google.com
Source: wDIaJji4Vv.exe	String found in binary or memory: http://www.fileden.com/files/2011/10/5/3204996/curver.txt
Source: powershell.exe, 00000002.00000003.278956963.00000000053E8000.00000004.00000001.sdmp	String found in binary or memory: https://go.microX%
Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	String found in binary or memory: https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css

Source: dhcpmon.exe, 0000000E.00000002.249289939.0000000000D58000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

Source: RegSvcs.exe, 0000000C.00000002.482083953.000000000466E000.00000004.00000001.sdmp

Binary or memory string: RegisterRawInputDevices

E-Banking Fraud:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.482083953.000000000466E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6228, type: MEMORY
Source: Yara match	File source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec0000.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.4676f00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec0000.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.467b529.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.4676f00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec4629.17.raw.unpack, type: UNPACKEDPE

System Summary:

Malicious sample detected (through community Yara rule)

Show sources

Source: 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.485602336.0000000006D40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.484953222.00000000068B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.480310164.0000000003664000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.484912246.0000000006890000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.484650289.00000000067B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000003.462233359.0000000004945000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.484681647.00000000067C0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.484707713.00000000067E0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.484868495.0000000006870000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0000000C.00000002.484846998.0000000006860000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.485000098.00000000068D0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.485021734.00000000068E0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.484030724.0000000005C20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: Process Memory Space: RegSvcs.exe PID: 6228, type: MEMORY	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: Process Memory Space: RegSvcs.exe PID: 6228, type: MEMORY	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.68b0000.28.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.67c0000.21.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.3.RegSvcs.exe.4a2a9ed.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.5c20000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.3.RegSvcs.exe.4a10996.0.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6890000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6880000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.68d0000.29.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.477db96.10.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6840000.23.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.4617df0.7.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.5ec0000.18.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.4676f00.9.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6870000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.3694638.3.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.36a0878.2.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.5ec0000.18.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.480ab3a.11.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.68e0000.30.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.68d0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.480f7d9.12.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.467b529.8.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.3.RegSvcs.exe.49460d9.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.3.RegSvcs.exe.49460d9.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.6d4e8a4.33.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6890000.27.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6d40000.32.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.4676f00.9.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.461ca8f.6.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6d44c9f.34.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.4626694.5.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6860000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6880000.26.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.36212fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.67e0000.22.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.477db96.10.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.67b0000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.3.RegSvcs.exe.4a2a9ed.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.6860000.24.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.5ec4629.17.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.480ab3a.11.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.67b0000.20.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.68b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.4617df0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.4801906.13.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6840000.23.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.4801906.13.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.67c0000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.3.RegSvcs.exe.495230d.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.3.RegSvcs.exe.495230d.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.36a0878.2.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.36a0878.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.68e0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.6d40000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.3694638.3.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.3694638.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.2.RegSvcs.exe.36b4eac.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.2.RegSvcs.exe.36b4eac.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.3.RegSvcs.exe.496693a.4.raw.unpack, type: UNPACKEDPE	Matched rule: Detetcs the Nanocore RAT Author: Florian Roth
Source: 12.3.RegSvcs.exe.496693a.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.3.RegSvcs.exe.4a24fc1.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>
Source: 12.3.RegSvcs.exe.4a10996.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore Author: Kevin Breen <kevin@techanarchy.net>

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_058A131A NtQuerySystemInformation,		12_2_058A131A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_058A12DF NtQuerySystemInformation,		12_2_058A12DF

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 0_2_05338728	0_2_05338728
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 0_2_053329A0	0_2_053329A0
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 0_2_05332990	0_2_05332990
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_03052477	12_2_03052477
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_03067ABE	12_2_03067ABE
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_03198798	12_2_03198798
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_03192FA8	12_2_03192FA8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_031923A0	12_2_031923A0
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_03193850	12_2_03193850
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_0319B068	12_2_0319B068
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_03199398	12_2_03199398
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_0319945F	12_2_0319945F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_0319306F	12_2_0319306F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B366BF	12_2_06B366BF
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B36EA0	12_2_06B36EA0
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B390E8	12_2_06B390E8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B384E8	12_2_06B384E8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B324D8	12_2_06B324D8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B330D8	12_2_06B330D8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B391AF	12_2_06B391AF
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B3319F	12_2_06B3319F
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B365F8	12_2_06B365F8
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B359F8	12_2_06B359F8

Source: wDIaJji4Vv.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: LGKyjAEnmfdSo.exe.0.dr	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: wDIaJji4Vv.exe	Binary or memory string: OriginalFilename vs wDIaJji4Vv.exe
Source: wDIaJji4Vv.exe, 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameDebuggerHiddenAttribute.dllX vs wDIaJji4Vv.exe
Source: wDIaJji4Vv.exe, 00000000.00000002.225991421.0000000006150000.00000002.00000001.sdmp	Binary or memory string: originalfilename vs wDIaJji4Vv.exe
Source: wDIaJji4Vv.exe, 00000000.00000002.225991421.0000000006150000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamepropsys.dll.mui@ vs wDIaJji4Vv.exe
Source: wDIaJji4Vv.exe, 00000000.00000002.213917012.00000000009A2000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenameSparseArray.exeT vs wDIaJji4Vv.exe
Source: wDIaJji4Vv.exe, 00000000.00000002.225741306.0000000006050000.00000002.00000001.sdmp	Binary or memory string: System.OriginalFileName vs wDIaJji4Vv.exe
Source: wDIaJji4Vv.exe, 00000000.00000002.217625235.000000000321D000.00000004.00000001.sdmp	Binary or memory string: OriginalFilenameDurmu_ vs wDIaJji4Vv.exe
Source: wDIaJji4Vv.exe, 00000000.00000002.224866978.00000000053A0000.00000002.00000001.sdmp	Binary or memory string: OriginalFilenamemscorrc.dllT vs wDIaJji4Vv.exe
Source: wDIaJji4Vv.exe	Binary or memory string: OriginalFilenameSparseArray.exeT vs wDIaJji4Vv.exe

Source: wDIaJji4Vv.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE

Source: 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.485602336.0000000006D40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.485602336.0000000006D40000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.484953222.00000000068B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484953222.00000000068B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.480310164.0000000003664000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.484912246.0000000006890000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484912246.0000000006890000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.484650289.00000000067B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484650289.00000000067B0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000003.462233359.0000000004945000.00000004.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.484681647.00000000067C0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484681647.00000000067C0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.484707713.00000000067E0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484707713.00000000067E0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.484868495.0000000006870000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484868495.0000000006870000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0000000C.00000002.484846998.0000000006860000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484846998.0000000006860000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.485000098.00000000068D0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.485000098.00000000068D0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.485021734.00000000068E0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.485021734.00000000068E0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.484030724.0000000005C20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484030724.0000000005C20000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, type: MEMORY	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: Process Memory Space: RegSvcs.exe PID: 6228, type: MEMORY	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: Process Memory Space: RegSvcs.exe PID: 6228, type: MEMORY	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.68b0000.28.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.68b0000.28.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.67c0000.21.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.67c0000.21.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.3.RegSvcs.exe.4a2a9ed.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.3.RegSvcs.exe.4a2a9ed.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.5c20000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.5c20000.16.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.3.RegSvcs.exe.4a10996.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.3.RegSvcs.exe.4a10996.0.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6890000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6890000.27.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6880000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6880000.26.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.68d0000.29.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.68d0000.29.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.477db96.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.477db96.10.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6840000.23.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6840000.23.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.4617df0.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.4617df0.7.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.5ec0000.18.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.5ec0000.18.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.4676f00.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.4676f00.9.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6870000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6870000.25.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.3694638.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.3694638.3.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.36a0878.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.36a0878.2.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.5ec0000.18.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.5ec0000.18.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.480ab3a.11.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.480ab3a.11.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.68e0000.30.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.68e0000.30.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.68d0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.68d0000.29.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.480f7d9.12.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.480f7d9.12.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.467b529.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.467b529.8.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.3.RegSvcs.exe.49460d9.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.3.RegSvcs.exe.49460d9.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.6d4e8a4.33.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6d4e8a4.33.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6890000.27.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6890000.27.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6d40000.32.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6d40000.32.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.4676f00.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.4676f00.9.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.461ca8f.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.461ca8f.6.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6d44c9f.34.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6d44c9f.34.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.4626694.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.4626694.5.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6860000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6860000.24.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6880000.26.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6880000.26.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.36212fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.36212fc.1.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.67e0000.22.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.67e0000.22.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.477db96.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.477db96.10.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.67b0000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.67b0000.20.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.3.RegSvcs.exe.4a2a9ed.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.6860000.24.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6860000.24.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.5ec4629.17.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.5ec4629.17.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.480ab3a.11.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.480ab3a.11.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.67b0000.20.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.67b0000.20.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.68b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.68b0000.28.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.4617df0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.4617df0.7.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.4801906.13.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.4801906.13.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6840000.23.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6840000.23.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.4801906.13.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.4801906.13.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.67c0000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.67c0000.21.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.3.RegSvcs.exe.495230d.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.3.RegSvcs.exe.495230d.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.36a0878.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.36a0878.2.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.36a0878.2.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.68e0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.68e0000.30.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.6d40000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.6d40000.32.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.3694638.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.3694638.3.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.3694638.3.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.2.RegSvcs.exe.36b4eac.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.2.RegSvcs.exe.36b4eac.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Feb18_1 date = 2018-02-19, hash1 = aa486173e9d594729dbb5626748ce10a75ee966481b68c1b4f6323c827d9658c, author = Florian Roth, description = Detects Nanocore RAT, reference = Internal Research - T2T, license = https://creativecommons.org/licenses/by-nc/4.0/
Source: 12.2.RegSvcs.exe.36b4eac.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.3.RegSvcs.exe.496693a.4.raw.unpack, type: UNPACKEDPE	Matched rule: Nanocore_RAT_Gen_2 date = 2016-04-22, hash1 = 755f49a4ffef5b1b62f4b5a5de279868c0c1766b528648febf76628f1fe39050, author = Florian Roth, description = Detetcs the Nanocore RAT, license = https://creativecommons.org/licenses/by-nc/4.0/, score = https://www.sentinelone.com/blogs/teaching-an-old-rat-new-tricks/
Source: 12.3.RegSvcs.exe.496693a.4.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.3.RegSvcs.exe.4a24fc1.1.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore
Source: 12.3.RegSvcs.exe.4a10996.0.raw.unpack, type: UNPACKEDPE	Matched rule: NanoCore date = 2014/04, filetype = exe, author = Kevin Breen <kevin@techanarchy.net>, maltype = Remote Access Trojan, ref = http://malwareconfig.com/stats/NanoCore

Source: 12.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
Source: 12.2.RegSvcs.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'CreateDecryptor'
Source: 12.2.RegSvcs.exe.400000.0.unpack, u0023u003dqVxXNKnhAcArgJoGGYXiyyQu003du003d.cs	Cryptographic APIs: 'TransformFinalBlock'

Source: classification engine

Classification label: mal100.troj.evad.winEXE@18/19@18/2

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_058A10DA AdjustTokenPrivileges,		12_2_058A10DA
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_058A10A3 AdjustTokenPrivileges,		12_2_058A10A3

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

File created: C:\Program Files (x86)\DHCP Monitor

Jump to behavior

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

File created: C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4812:120:WilError_01
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Mutant created: \Sessions\1\BaseNamedObjects\hRCpSYCzgUPZGUd
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:404:120:WilError_01
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6752:120:WilError_01
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\.net clr networking
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6100:120:WilError_01
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\{282cf72b-8a92-4c1b-b768-b591a1e0306c}

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

File created: C:\Users\user\AppData\Local\Temp\tmpE049.tmp

Jump to behavior

Source: wDIaJji4Vv.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9603718106bd57ecfbb18fefd769cab4\mscorlib.ni.dll
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Section loaded: C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO PublisherMembershipCondition VALUES(@modelo, @fabricante, @ano, @cor);
Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: INSERT INTO Itens_Aluguel VALUES(@aluguelID, @aviaoID, @validade);
Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: Insert into Clientes values (@nome, @cpf, @rg, @cidade, @endereco, @uf, @telefone);
Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: Select * from PublisherMembershipCondition WHERE modelo=@modelo;zDeu erro na execu

Source: wDIaJji4Vv.exe	Virustotal: Detection: 60%
Source: wDIaJji4Vv.exe	ReversingLabs: Detection: 25%

Source: wDIaJji4Vv.exe	String found in binary or memory: es>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvail
Source: wDIaJji4Vv.exe	String found in binary or memory: es>false</DisallowStartIfOnBatteries> <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries> <AllowHardTerminate>false</AllowHardTerminate> <StartWhenAvailable>true</StartWhenAvailable> <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvail
Source: wDIaJji4Vv.exe	String found in binary or memory: ble> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle
Source: wDIaJji4Vv.exe	String found in binary or memory: ble> <IdleSettings> <StopOnIdleEnd>true</StopOnIdleEnd> <RestartOnIdle>false</RestartOnIdle> </IdleSettings> <AllowStartOnDemand>true</AllowStartOnDemand> <Enabled>true</Enabled> <Hidden>false</Hidden> <RunOnlyIfIdle

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

File read: C:\Users\user\Desktop\wDIaJji4Vv.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\wDIaJji4Vv.exe 'C:\Users\user\Desktop\wDIaJji4Vv.exe'
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wDIaJji4Vv.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp'
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe'
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Source: unknown	Process created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe 'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wDIaJji4Vv.exe'	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe'	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Jump to behavior

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll

Jump to behavior

Source: wDIaJji4Vv.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

File opened: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.9445_none_d08c58b4442ba54f\MSVCR80.dll

Jump to behavior

Source: wDIaJji4Vv.exe

Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT

Source:	Binary string: C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.pdb_RO source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: System.pdbL source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\MyNanoCore RemoteScripting\MyClientPlugin\obj\Debug\MyClientPluginNew.pdb source: RegSvcs.exe, 0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp
Source:	Binary string: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.pdb source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: System.EnterpriseServices.Wrapper.pdb source: dhcpmon.exe, 0000000E.00000002.253699119.0000000004FA0000.00000002.00000001.sdmp
Source:	Binary string: C:\Windows\dll\System.pdbws source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: indows\System.pdbpdbtem.pdbE= source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: indows\RegSvcs.pdbpdbvcs.pdb source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: C:\Windows\symbols\exe\RegSvcs.pdb source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: RegSvcs.pdb source: dhcpmon.exe, dhcpmon.exe.12.dr
Source:	Binary string: C:\Users\Liam\Downloads\NanoCoreSwiss\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp
Source:	Binary string: C:\Users\Liam\Documents\Visual Studio 2013\Projects\NanoCoreStressTester\NanoCoreStressTester\obj\Debug\NanoCoreStressTester.pdb source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp
Source:	Binary string: G:\Users\Andy\Documents\Visual Studio 2013\Projects\NanocoreBasicPlugin\NanoCoreBase\obj\Debug\NanoCoreBase.pdb source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp
Source:	Binary string: P:\Visual Studio Projects\Projects 15\NanoNana\MyClientPlugin\obj\Debug\MyClientPlugin.pdb source: RegSvcs.exe, 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp
Source:	Binary string: System.pdbX source: RegSvcs.exe, 0000000C.00000002.475547237.0000000003125000.00000004.00000040.sdmp
Source:	Binary string: mscorrc.pdb source: wDIaJji4Vv.exe, 00000000.00000002.224866978.00000000053A0000.00000002.00000001.sdmp, RegSvcs.exe, 0000000C.00000002.483961085.0000000005BC0000.00000002.00000001.sdmp
Source:	Binary string: C:\Users\Cole\Documents\Visual Studio 2013\Projects\FileBrowserPlugin\FileBrowserClient\obj\Debug\FileBrowserClient.pdb source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp

Data Obfuscation:

.NET source code contains potential unpacker

Show sources

Source: 12.2.RegSvcs.exe.400000.0.unpack, u0023u003dqjIje6jGWLd2EOkfZXKqBbgu003du003d.cs	.Net Code: #=q_FL69pQf17BUSAFbWYu1SStMAbdu$R1GJ8VY8UL5_EA= System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
Source: 12.2.RegSvcs.exe.400000.0.unpack, u0023u003dqxoz66kOqvxr21iYXZYXWiumy9eZGwFWaiX4C5X8aecUu003d.cs	.Net Code: #=qKU0J1fiP8KA33eFK1owekQ== System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 0_2_009A8349 push es; ret	0_2_009A8364
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 0_2_009A3CE3 push 73060000h; iretd	0_2_009A3D3B
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 0_2_009A8366 push es; ret	0_2_009A8370
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Code function: 0_2_05827D88 push 28000012h; retf	0_2_05827D9E
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_030681F0 push eax; iretd	12_2_030681F1
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_030674AC push ecx; ret	12_2_030674AD
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_030674B8 push ebp; ret	12_2_030674B9
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_03069D78 pushad ; retf	12_2_03069D79
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_06B38380 push es; ret	12_2_06B38390

Source: initial sample	Static PE information: section name: .text entropy: 7.08932149094
Source: initial sample	Static PE information: section name: .text entropy: 7.08932149094

Source: 12.2.RegSvcs.exe.400000.0.unpack, u0023u003dqJT4I5hOweIku0024xYFEeDszbikglXCuquUdu0024v9AXtyq2nsu003d.cs	High entropy of concatenated method names: '#=qBeOBlH6CwHFnQdZWWBgZ_pemudZ6CfCVcfOQtgpeG$Y=', '#=q5v5cLSMFBaxiTtOEjscx86gN2ozXlfytiL6UmXnyWtg=', '#=q_XA5h2lVGHLcY9dK754wKGrOjAm6aBbwPxcUJXgJThJUz83kMbCL53G5uuOLP6Rq', '#=qIFfr$DrKqIieRc688$vylAlBsEnx9Z3$TxvrDsPURfM=', '#=qejgvNXJQvgM2GomZsygLjreyguSPQ29pQHqjR_a0dWk=', '#=qCGokdf0OOxeMJLDkXSfc3NPmwygIQ29RjKQWj$wbNGB9C1pPgma_891QiNyTRXcA', '#=qDqyUVyJLXCtYqhZ0$opqkomqhUBn2WCeEEvGAXlNQ$I=', '#=qdImPAY1o3YhbLtukwCQ91cISaeIEWRKSYrGZ3dTVnkY=', '#=qza7O1AHrroJC7yRIJz4wINR_Sgo4hDpQrj_OYfIrlJE=', '#=q6Ct3QmvVLFC7my$dL1uEiHGmXJ5qCuK4WIhDwfhPTFs='
Source: 12.2.RegSvcs.exe.400000.0.unpack, u0023u003dqWrm21vQ8CBMZP_RBTwpusAu003du003d.cs	High entropy of concatenated method names: '#=qCgU$tDqtOAyz2b$RwfSF7UzBcCAr0rFJWxm16x7Lre0=', '#=qeD3MBfedCIuKIQf9V1u2N3YS4VXE_FOHqw_XAjWtZK8=', '#=q$mvEHEBkZud$AdHPWqsMQnw5Xm5sD4vBSSmqrKuXGOk=', '#=qZaN94n8dM6tBEf$qCdY2kbTZb5BOW8Z134$2tNv7EJs=', '#=qtlZnL8mho$rv1eTFz0Mw9UYFC_yCabEZ0xtVePn6wR5aSHE7ti3UfKg2l7D0_xk8', '#=qVS$QmQjvFfsXSqQAKGSl6HGbkse2SG0XCab4upVjtRJkvhTEk$oIS2I9Zja7id1Q', '#=qxJg7RxTW1v5mnt12xXeJiYJv_bcctbtL2BCD5MjDi45Hlz6t8vwDNTv1Rv7tgIct', '#=qp$ZVC1r9spi890l$D7IwEd3faoKeWHvv42mVq8wIIWM=', '#=qCoWHlVuoVRMkOzC7RZubJCslkxaEWn9yZiIydECf69$ktj0IPD5wAwC2H5Cc8C$L', '#=qqs1moO$mYaS72OXOWe0Z6GycslEb6e9Ipoy7ppW0O5abIp05ajv8doqdJZHlN3cK'

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	File created: C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe			Jump to dropped file
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	File created: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe			Jump to dropped file

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules

Show sources

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp'

Hooking and other Techniques for Hiding and Protection:

Hides that the sample has been downloaded from the Internet (zone.identifier)

Show sources

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

File opened: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe:Zone.Identifier read attributes | delete

Jump to behavior

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe

Registry key monitored for changes: HKEY_CURRENT_USER_Classes

Jump to behavior

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Yara detected AntiVM3

Show sources

Source: Yara match	File source: 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.3199378.1.raw.unpack, type: UNPACKEDPE

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Show sources

Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: SBIEDLL.DLL
Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}

Jump to behavior

Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe

Code function: 14_2_029B0DD0 sgdt fword ptr [eax]

14_2_029B0DD0

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

Code function: 0_2_009A789B sldt word ptr [eax]

0_2_009A789B

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6557	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 413	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 6128	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Window / User API: threadDelayed 491	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Window / User API: foregroundWindowGot 895	Jump to behavior

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe TID: 2628	Thread sleep time: -100084s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe TID: 5376	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7128	Thread sleep time: -13835058055282155s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6216	Thread sleep count: 6128 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6216	Thread sleep count: 491 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6316	Thread sleep count: 49 > 30	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7148	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe TID: 6808	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Code function: 12_2_058A0D66 GetSystemInfo,

12_2_058A0D66

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Thread delayed: delay time: 100084	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Thread delayed: delay time: 922337203685477

Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: VMware SVGA IIBAdd-MpPreference -ExclusionPath "
Source: powershell.exe, 00000007.00000003.316316992.000000000532D000.00000004.00000001.sdmp	Binary or memory string: Hyper-V
Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
Source: powershell.exe, 00000007.00000003.316316992.000000000532D000.00000004.00000001.sdmp	Binary or memory string: il:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
Source: RegSvcs.exe, 0000000C.00000002.485335487.00000000069F0000.00000002.00000001.sdmp	Binary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: vmware
Source: RegSvcs.exe, 0000000C.00000002.485335487.00000000069F0000.00000002.00000001.sdmp	Binary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
Source: RegSvcs.exe, 0000000C.00000002.485335487.00000000069F0000.00000002.00000001.sdmp	Binary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
Source: wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	Binary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
Source: RegSvcs.exe, 0000000C.00000002.485335487.00000000069F0000.00000002.00000001.sdmp	Binary or memory string: An unknown internal message was received by the Hyper-V Compute Service.

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Process token adjusted: Debug	Jump to behavior

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion:

Adds a directory exclusion to Windows Defender

Show sources

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wDIaJji4Vv.exe'
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe'
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wDIaJji4Vv.exe'	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe'	Jump to behavior

Allocates memory in foreign processes

Show sources

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

Memory allocated: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 protect: page execute and read and write

Jump to behavior

Injects a PE file into a foreign processes

Show sources

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Show sources

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 400000	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 402000	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 420000	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 422000	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe base: 1063008	Jump to behavior

Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wDIaJji4Vv.exe'	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp'	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe'	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Jump to behavior
Source: C:\Users\user\Desktop\wDIaJji4Vv.exe	Process created: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Jump to behavior

Source: RegSvcs.exe, 0000000C.00000002.480820587.0000000003720000.00000004.00000001.sdmp	Binary or memory string: Program ManagerH
Source: RegSvcs.exe, 0000000C.00000002.485044558.00000000068F0000.00000004.00000001.sdmp	Binary or memory string: Program Manager
Source: RegSvcs.exe, 0000000C.00000002.473980731.0000000001C40000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: RegSvcs.exe, 0000000C.00000002.473980731.0000000001C40000.00000002.00000001.sdmp	Binary or memory string: Progman
Source: RegSvcs.exe, 0000000C.00000002.473980731.0000000001C40000.00000002.00000001.sdmp	Binary or memory string: Progmanlock
Source: RegSvcs.exe, 0000000C.00000002.480310164.0000000003664000.00000004.00000001.sdmp	Binary or memory string: Program Managerr

Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation	Jump to behavior
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	Queries volume information: C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiVirusProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM AntiSpywareProduct
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT DisplayName FROM FirewallProduct

Stealing of Sensitive Information:

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.482083953.000000000466E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6228, type: MEMORY
Source: Yara match	File source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec0000.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.4676f00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec0000.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.467b529.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.4676f00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec4629.17.raw.unpack, type: UNPACKEDPE

Remote Access Functionality:

Detected Nanocore Rat

Show sources

Source: wDIaJji4Vv.exe, 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp	String found in binary or memory: NanoCore.ClientPluginHost
Source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreBase.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreBaseClientPluginCommandHandlerResourcesNanoCoreBase.My.ResourcesMySettingsMySettingsPropertyCommandsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketHandleCommandHandleCommandOpenWebsiteHandleCommandMessageBoxSwapMouseButtonfSwapuser32.dllHandleCommandMouseSwapHandleCommandMouseUnswapmciSendStringlpszCommandlpszReturnStringcchReturnLengthhwndCallbackwinmm.dllmciSendStringAHandleCommandCDTrayHandleCommandCDTrayCloseSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__OpenWebsiteMessageBoxCDTrayCDTrayCloseMouseSwapMouseUnswapSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeSendToServerParamArrayAttributeStringProcessStartSystem.Windows.FormsDialogResultShowConversionsReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedNanoCoreBase.Resources.resourcesDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeNanoCoreBase.dll+set CDAudio door open/set CDAudio door closed-NanoCoreBase.Resources3
Source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationFileBrowserClient.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainFileBrowserClientClientPluginCommandHandlersResourcesFileBrowserClient.My.ResourcesMySettingsMySettingsPropertyFunctionsCommandTypesMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostCurrentDirectoryInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHost_networkHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleCreateDirectoryremoteDirHandleDeleteFileremoteFileisDirectoryHandleOpenFileHandleReceiveFilelocalFileHandleRenameFilenewFileNameHandleSetCurrentDirectorypathHandleDeleteHandleDownloadHandleDrivesHandleFilesHandleGetCurrentDirectoryHandleMachineNameHandleOpenHandleSetCurrentDirectoryPacketHandleUploadHandleRenameHandleCreateSendCurrentDirectorySendDrivesSendFileSendFilesSendMachineNameSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CulturevalueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsSystem.Collections.GenericList`1RemoteFilesRemoteFoldersRemoteDrivesEnumerateRemoteFilesEnumerateRemoteDrivesLogMessagemessageEnumvalue__MachineNameDrivesFilesGetCurrentDirectorySetCurrentDirectoryDownloadUploadOpenDeleteCreateDirectoryRenameSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeEnvironmentSpecialFolderGetFolderPathStringFormatSystem.IODirectoryDirectoryInfoProjectDataExceptionSetProjectErrorClearProjectErrorFileLogClientExceptionProcessStartConvertFromBase64StringWriteAllBytesMoveSendToServerConversionsToBooleanInt32NewLateBindingLateIndexGetEnumeratorEmptyGetEnumeratorget_CurrentTrimConcatMoveNextIDisposableDisposeReadAllBytesToBase64StringIsNullOrEmptyget_MachineNameToUpperget_UserNameReferenceEqualsSystem.ReflectionAssemblyget_AssemblyCompilerGeneratedAttributeSettingsBaseSynchronizedFileInfoFileSystemInfoget_FullNameContainsGetDirectoriesget_NameAddGetF
Source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationMyClientPlugin.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainMyClientPluginClientPluginMiscCommandHandlerCommandTypeMiscCommandMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostInitializePluginNanoCore.ClientPluginIClientNetwork_loggingHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketparamsHandleMiscCommandHandleMiscCommandMessageInterpretRecievedcommandtodoloopkeysEnumvalue__MessageStringExceptionMicrosoft.VisualBasic.CompilerServicesOperatorsCompareStringServerComputerMicrosoft.VisualBasic.MyServicesRegistryProxyget_RegistryMicrosoft.Win32RegistryKeyget_LocalMachineConcatInt32SetValueProjectDataSetProjectErrorClearProjectErrorget_LengthStandardModuleAttributeSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeDebuggableAttributeDebuggingModesCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeMyClientPlugin.dll'DisableWebcamLights
Source: RegSvcs.exe, 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCoreStressTester.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1ClientMainNanoCoreStressTesterClientPluginHTTPFloodSlowLorisSYNFloodTCPNanoCoreStressTester.FloodUDPSendSynCommandHandlerResourcesNanoCoreStressTester.My.ResourcesMySettingsMySettingsPropertyCommandsMethodsMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceNanoCore.ClientPluginHostIClientLoggingHostLoggingHostIClientNetworkHostNetworkHostIClientDataHostDataHostClientGUIDSendCommandparamsInitializePluginNanoCore.ClientPluginIClientNetwork_networkhost_loggingHost_DataHostBuildingHostCacheConnectionFailedhostportConnectionStateChangedconnectedPipeClosedpipeNamePipeCreatedReadPacketStartHostToAttackArrayUploadDataSiteUserAgentRefererValuesGeneratecodelengthSystem.ThreadingThreadThreadsPortToAttackTimeToAttackThreadstoUseThreadsEndedattacksAttackRunningFloodnewHostnewPortnewTimenewThreadslolStopSlowlorisStressThreadStart_floodingJob_floodingThreadSystem.NetIPEndPoint_ipEo_synClassHostIsEnabledPortSuperSynSocketsStartSuperSynStopSuperSynSystem.Net.SocketsSocketClientIPPacketsPacketSizeMaxPacketsStopFloodmPacketspSize_sockipEosuperSynSockets__1IAsyncResultOnConnectarSendFloodingstopHTTPBytesSentSYNConnectionsHTTPDataSentMethodTargetAddressTargetStatusupdateBytesnewSYNFloodHandleDDOSCommandHandleStopCommandSystem.TimersElapsedEventArgsbytesTimerElapsedsourceeHandleHTTPCommandHandleSlowlorisCommandHandleTCPCommandHandleUDPCommandHandleSYNCommandSystem.ResourcesResourceManagerresourceManSystem.GlobalizationCultureInforesourceCultureget_ResourceManagerget_Cultureset_CultureValueCultureSystem.ConfigurationApplicationSettingsBasedefaultInstanceget_DefaultDefaultget_SettingsSettingsEnumvalue__sendStressCommandupdateStatusColumnstopStressCommandHTTPSlowlorisSYNSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerNonUserCodeAttributeDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeExceptionSendToServerProjectDataSetProjectErrorClearProjectErrorTimerNanoCoreIClientNameObjectCollectionget_VariablesGetValueset_Intervalset_EnabledElapsedEventHandleradd_ElapsedParamArrayAttributeRandomGuidStringIsNullOrEmptyArgumentNullExceptionArgumentOutOfRangeExce
Source: RegSvcs.exe, 0000000C.00000002.479749110.0000000003611000.00000004.00000001.sdmp	String found in binary or memory: <Module>mscorlibMicrosoft.VisualBasicMyApplicationNanoCore.MyMyComputerMyProjectMyWebServicesThreadSafeObjectProvider`1IClientNetworkNanoCore.ClientPluginIClientDataIClientAppIClientDataHostNanoCore.ClientPluginHostIClientNetworkHostIClientUIHostIClientLoggingHostIClientAppHostIClientNameObjectCollectionNanoCoreIClientReadOnlyNameObjectCollectionClientInvokeDelegateMicrosoft.VisualBasic.ApplicationServicesApplicationBase.ctorMicrosoft.VisualBasic.DevicesComputerSystemObject.cctorget_Computerm_ComputerObjectProviderget_Applicationm_AppObjectProviderUserget_Userm_UserObjectProviderget_WebServicesm_MyWebServicesObjectProviderApplicationWebServicesEqualsoGetHashCodeTypeGetTypeToStringCreate__Instance__TinstanceDispose__Instance__get_GetInstanceMicrosoft.VisualBasic.MyServices.InternalContextValue`1m_ContextGetInstanceReadPacketpipeNameparamsPipeCreatedPipeClosedConnectionStateChangedconnectedConnectionFailedhostportBuildingHostCacheVariableChangednameClientSettingChangedPluginUninstallingClientUninstallingget_Variablesget_ClientSettingsget_BuilderSettingsVariablesClientSettingsBuilderSettingsget_ConnectedClosePipePipeExistsRebuildHostCacheAddHostEntryDisconnectSendToServercompressConnectedInvokemethodstateLogClientMessagemessageExceptionLogClientExceptionexsiteRestartShutdownDisableProtectionRestoreProtectionUninstallEntryExistsSystem.Collections.GenericKeyValuePair`2GetEntriesGetValuedefaultValueSetValuevalueRemoveValueMulticastDelegateTargetObjectTargetMethodIAsyncResultAsyncCallbackBeginInvokeDelegateCallbackDelegateAsyncStateEndInvokeDelegateAsyncResultSystem.ComponentModelEditorBrowsableAttributeEditorBrowsableStateSystem.CodeDom.CompilerGeneratedCodeAttributeSystem.DiagnosticsDebuggerHiddenAttributeMicrosoft.VisualBasic.CompilerServicesStandardModuleAttributeHideModuleNameAttributeSystem.ComponentModel.DesignHelpKeywordAttributeSystem.Runtime.CompilerServicesRuntimeHelpersGetObjectValueRuntimeTypeHandleGetTypeFromHandleActivatorCreateInstanceMyGroupCollectionAttributeget_Valueset_ValueSystem.Runtime.InteropServicesComVisibleAttributeParamArrayAttributeCompilationRelaxationsAttributeRuntimeCompatibilityAttributeSystem.ReflectionAssemblyFileVersionAttributeGuidAttributeAssemblyTrademarkAttributeAssemblyCopyrightAttributeAssemblyProductAttributeAssemblyCompanyAttributeAssemblyDescriptionAttributeAssemblyTitleAttributeClientPluginClientPlugin.dll

Yara detected Nanocore RAT

Show sources

Source: Yara match	File source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.482083953.000000000466E000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: wDIaJji4Vv.exe PID: 2788, type: MEMORY
Source: Yara match	File source: Process Memory Space: RegSvcs.exe PID: 6228, type: MEMORY
Source: Yara match	File source: 12.2.RegSvcs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec0000.18.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.435a108.4.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.4676f00.9.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.4262458.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec0000.18.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.467b529.8.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.4202638.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.wDIaJji4Vv.exe.435a108.4.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.4676f00.9.unpack, type: UNPACKEDPE
Source: Yara match	File source: 12.2.RegSvcs.exe.5ec4629.17.raw.unpack, type: UNPACKEDPE

Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_058A262A bind,		12_2_058A262A
Source: C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe	Code function: 12_2_058A25D8 bind,		12_2_058A25D8

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Scheduled Task/Job1	Access Token Manipulation1	Disable or Modify Tools11	Input Capture21	File and Directory Discovery1	Remote Services	Archive Collected Data11	Exfiltration Over Other Network Medium	Ingress Tool Transfer1	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Command and Scripting Interpreter2	Boot or Logon Initialization Scripts	Process Injection312	Deobfuscate/Decode Files or Information1	LSASS Memory	System Information Discovery13	Remote Desktop Protocol	Input Capture21	Exfiltration Over Bluetooth	Encrypted Channel1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Scheduled Task/Job1	Logon Script (Windows)	Scheduled Task/Job1	Obfuscated Files or Information3	Security Account Manager	Query Registry1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Standard Port1	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing12	NTDS	Security Software Discovery221	Distributed Component Object Model	Input Capture	Scheduled Transfer	Remote Access Software1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Masquerading2	LSA Secrets	Process Discovery2	SSH	Keylogging	Data Transfer Size Limits	Non-Application Layer Protocol1	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Virtualization/Sandbox Evasion51	Cached Domain Credentials	Virtualization/Sandbox Evasion51	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Application Layer Protocol21	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Access Token Manipulation1	DCSync	Application Window Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Process Injection312	Proc Filesystem	Network Service Scanning	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Hidden Files and Directories1	/etc/passwd and /etc/shadow	System Network Connections Discovery	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
wDIaJji4Vv.exe	61%	Virustotal		Browse
wDIaJji4Vv.exe	26%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla
wDIaJji4Vv.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe	100%	Joe Sandbox ML
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	0%	Metadefender		Browse
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	0%	ReversingLabs
C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe	26%	ReversingLabs	ByteCode-MSIL.Trojan.AgentTesla

Unpacked PE Files

Source	Detection	Scanner	Label	Download
12.2.RegSvcs.exe.400000.0.unpack	100%	Avira	TR/Dropper.MSIL.Gen7	Download File
12.2.RegSvcs.exe.5ec0000.18.unpack	100%	Avira	TR/NanoCore.fadte	Download File
12.2.RegSvcs.exe.4676f00.9.unpack	100%	Avira	TR/NanoCore.fadte	Download File

Domains

Source	Detection	Scanner	Label	Link
james12.ddns.net	5%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://go.microX%	0%	Avira URL Cloud	safe
james12.ddns.net	0%	Avira URL Cloud	safe
127.0.0.1	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
james12.ddns.net	79.134.225.7	true	true	5%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
james12.ddns.net	true	Avira URL Cloud: safe	unknown
127.0.0.1	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://go.microX%	powershell.exe, 00000002.00000003.278956963.00000000053E8000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
http://www.fileden.com/files/2011/10/5/3204996/curver.txt	wDIaJji4Vv.exe	false		high
https://stackpath.bootstrapcdn.com/bootstrap/4.5.0/css/bootstrap.min.css	wDIaJji4Vv.exe, 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
79.134.225.7	james12.ddns.net	Switzerland		6775	FINK-TELECOM-SERVICESCH	true

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	31.0.0 Emerald
Analysis ID:	381644
Start date:	04.04.2021
Start time:	02:35:32
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 50s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	wDIaJji4Vv.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	40
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.evad.winEXE@18/19@18/2
EGA Information:	Failed
HDC Information:	Successful, ratio: 3.4% (good quality ratio 3.1%) Quality average: 76.6% Quality standard deviation: 28.2%
HCA Information:	Successful, ratio: 86% Number of executed functions: 424 Number of non-executed functions: 6
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information. Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, WmiPrvSE.exe, svchost.exe, UsoClient.exe, wuapihost.exe Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
02:36:20	API Interceptor	2x Sleep call for process: wDIaJji4Vv.exe modified
02:36:26	API Interceptor	938x Sleep call for process: RegSvcs.exe modified
02:36:31	Autostart	Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run DHCP Monitor C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
02:36:49	API Interceptor	75x Sleep call for process: powershell.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
79.134.225.7	hbvo9thTAX.exe	Get hash	malicious	Browse
	IMG_110_63_078SWIFT.exe	Get hash	malicious	Browse
	PO-290321 (Itakrom).pif.exe	Get hash	malicious	Browse
	PURCHASE ORDER EXPORT0022355048 SCAN DOC_PDF.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.PackedNET.568.10707.exe	Get hash	malicious	Browse
	PO_1012_678_91.exe	Get hash	malicious	Browse
	PO_1012_678_91.doc	Get hash	malicious	Browse
	DrECSIMeTu.exe	Get hash	malicious	Browse
	PI_061_Scanned_02.exe	Get hash	malicious	Browse
	Transacion_CUS_REF_referencia es 000008223084566.vbe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
james12.ddns.net	hbvo9thTAX.exe	Get hash	malicious	Browse	79.134.225.7
james12.ddns.net	PURCHASE ORDER EXPORT0022355048 SCAN DOC_PDF.exe	Get hash	malicious	Browse	79.134.225.7

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
FINK-TELECOM-SERVICESCH	DkZY1k3y9F.exe	Get hash	malicious	Browse	79.134.225.23
	hbvo9thTAX.exe	Get hash	malicious	Browse	79.134.225.7
	SCAN ORDER DOC 040202021.exe	Get hash	malicious	Browse	79.134.225.71
	Waybill Doc_pdf.exe	Get hash	malicious	Browse	79.134.225.92
	gfcYixSdyD.exe	Get hash	malicious	Browse	79.134.225.71
	cJtVGjtNGZ.exe	Get hash	malicious	Browse	79.134.225.40
	Transferwise beneficiary detailspdf.exe	Get hash	malicious	Browse	79.134.225.22
	NS 001 DOP IPS ORIENTATIONS.doc	Get hash	malicious	Browse	79.134.225.73
	cp.msi.exe	Get hash	malicious	Browse	79.134.225.109
	ot.msi	Get hash	malicious	Browse	79.134.225.109
	dd.exe	Get hash	malicious	Browse	79.134.225.109
	IMG_110_63_078SWIFT.exe	Get hash	malicious	Browse	79.134.225.7
	yQY73z6zaP.exe	Get hash	malicious	Browse	79.134.225.25
	SOA6058.exe	Get hash	malicious	Browse	79.134.225.79
	PO-290321 (Itakrom).pif.exe	Get hash	malicious	Browse	79.134.225.7
	RFQ234.exe	Get hash	malicious	Browse	79.134.225.124
	EUjk8F87b8.exe	Get hash	malicious	Browse	79.134.225.82
	rgGyG2iLnd.exe	Get hash	malicious	Browse	79.134.225.22
	SCN-PV21-00920 P NEW ORDER.exe	Get hash	malicious	Browse	79.134.225.23
	jnHnxgMde8.exe	Get hash	malicious	Browse	79.134.225.54

JA3 Fingerprints

No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe	cJtVGjtNGZ.exe	Get hash	malicious	Browse
	Bilansno placanje.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.Inject4.9647.20479.exe	Get hash	malicious	Browse
	wnIPBdB5OF.exe	Get hash	malicious	Browse
	Delivery Form C.exe	Get hash	malicious	Browse
	h6uc8EaDQX.exe	Get hash	malicious	Browse
	3aDHivUqWtumbXb.exe	Get hash	malicious	Browse
	fMy120EQiT6NaRd.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Bulz.394792.29952.exe	Get hash	malicious	Browse
	SecuriteInfo.com.Trojan.PackedNET.578.18498.exe	Get hash	malicious	Browse
	sfTZCyMKuC.exe	Get hash	malicious	Browse
	y9Rtu1cnBk.exe	Get hash	malicious	Browse
	Ixli7b5j6A.exe	Get hash	malicious	Browse
	nq0aCrCXyE.exe	Get hash	malicious	Browse
	73SriHObnQ.exe	Get hash	malicious	Browse
	0672IMP000158021.pdf.exe	Get hash	malicious	Browse
	rb86llCYzA.exe	Get hash	malicious	Browse
	C3GWn5tduT.exe	Get hash	malicious	Browse
	uB8OTxUd3O.exe	Get hash	malicious	Browse
	NNb2NBgsob.exe	Get hash	malicious	Browse

Created / dropped Files

C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
File Type:	PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	3.7515815714465193
Encrypted:	false
SSDEEP:	384:BOj9Y8/gS7SDriLGKq1MHR5U4Ag6ihJSxUCR1rgCPKabK2t0X5P7DZ+JgWSW72uw:B+gSAdN1MH3HAFRJngW2u
MD5:	71369277D09DA0830C8C59F9E22BB23A
SHA1:	37F9781314F0F6B7E9CB529A573F2B1C8DE9E93F
SHA-256:	D4527B7AD2FC4778CC5BE8709C95AEA44EAC0568B367EE14F7357D72898C3698
SHA-512:	2F470383E3C796C4CF212EC280854DBB9E7E8C8010CE6857E58F8E7066D7516B7CD7039BC5C0F547E1F5C7F9F2287869ADFFB2869800B08B2982A88BE96E9FB7
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: cJtVGjtNGZ.exe, Detection: malicious, Browse Filename: Bilansno placanje.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.Inject4.9647.20479.exe, Detection: malicious, Browse Filename: wnIPBdB5OF.exe, Detection: malicious, Browse Filename: Delivery Form C.exe, Detection: malicious, Browse Filename: h6uc8EaDQX.exe, Detection: malicious, Browse Filename: 3aDHivUqWtumbXb.exe, Detection: malicious, Browse Filename: fMy120EQiT6NaRd.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Variant.Bulz.394792.29952.exe, Detection: malicious, Browse Filename: SecuriteInfo.com.Trojan.PackedNET.578.18498.exe, Detection: malicious, Browse Filename: sfTZCyMKuC.exe, Detection: malicious, Browse Filename: y9Rtu1cnBk.exe, Detection: malicious, Browse Filename: Ixli7b5j6A.exe, Detection: malicious, Browse Filename: nq0aCrCXyE.exe, Detection: malicious, Browse Filename: 73SriHObnQ.exe, Detection: malicious, Browse Filename: 0672IMP000158021.pdf.exe, Detection: malicious, Browse Filename: rb86llCYzA.exe, Detection: malicious, Browse Filename: C3GWn5tduT.exe, Detection: malicious, Browse Filename: uB8OTxUd3O.exe, Detection: malicious, Browse Filename: NNb2NBgsob.exe, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....{Z.................P... .......k... ........@.. ...............................[....@..................................k..K................................... k............................................... ............... ..H............text....K... ...P.................. ..`.rsrc................`..............@..@.reloc...............p..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\dhcpmon.exe.log Download File
Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	120
Entropy (8bit):	5.016405576253028
Encrypted:	false
SSDEEP:	3:QHXMKaoWglAFXMWA2yTMGfsbNXLVd49Am12MFuAvOAsDeieVyn:Q3LawlAFXMWTyAGCFLIP12MUAvvrs
MD5:	50DEC1858E13F033E6DCA3CBFAD5E8DE
SHA1:	79AE1E9131B0FAF215B499D2F7B4C595AA120925
SHA-256:	14A557E226E3BA8620BB3A70035E1E316F1E9FB5C9E8F74C07110EE90B8D8AE4
SHA-512:	1BD73338DF685A5B57B0546E102ECFDEE65800410D6F77845E50456AC70DE72929088AF19B59647F01CBA7A5ACFB399C52D9EF2402A9451366586862EF88E7BF
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	1,"fusion","GAC",0..2,"System.EnterpriseServices, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..

C:\Users\user\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\wDIaJji4Vv.exe.log Download File
Process:	C:\Users\user\Desktop\wDIaJji4Vv.exe
File Type:	ASCII text, with CRLF line terminators
Category:	modified
Size (bytes):	664
Entropy (8bit):	5.288448637977022
Encrypted:	false
SSDEEP:	12:Q3LaJU20NaL10Ug+9Yz9t0U29hJ5g1B0U2ukyrFk70U2xANlW3ANv:MLF20NaL3z2p29hJ5g522rW2xAi3A9
MD5:	B1DB55991C3DA14E35249AEA1BC357CA
SHA1:	0DD2D91198FDEF296441B12F1A906669B279700C
SHA-256:	34D3E48321D5010AD2BD1F3F0B728077E4F5A7F70D66FA36B57E5209580B6BDC
SHA-512:	BE38A31888C9C2F8047FA9C99672CB985179D325107514B7500DDA9523AE3E1D20B45EACC4E6C8A5D096360D0FBB98A120E63F38FFE324DF8A0559F6890CC801
Malicious:	true
Preview:	1,"fusion","GAC",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1ffc437de59fb69ba2b865ffdc98ffd1\System.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\cd7c74fce2a0eab72cd25cbe4bb61614\Microsoft.VisualBasic.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\54d944b3ca0ea1188d700fbd8089726b\System.Drawing.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\bd8d59c984c9f5f2695f64341115cdf0\System.Windows.Forms.ni.dll",0..3,"C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\35774dc3cd31b4550ab06c3354cf4ba5\System.Runtime.Remoting.ni.dll",0..

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	14734
Entropy (8bit):	4.993014478972177
Encrypted:	false
SSDEEP:	384:cBVoGIpN6KQkj2Wkjh4iUxtaKdROdBLNXp5nYoGib4J:cBV3IpNBQkj2Lh4iUxtaKdROdBLNZBYH
MD5:	8D5E194411E038C060288366D6766D3D
SHA1:	DC1A8229ED0B909042065EA69253E86E86D71C88
SHA-256:	44EEE632DEDFB83A545D8C382887DF3EE7EF551F73DD55FEDCDD8C93D390E31F
SHA-512:	21378D13D42FBFA573DE91C1D4282B03E0AA1317B0C37598110DC53900C6321DB2B9DF27B2816D6EE3B3187E54BF066A96DB9EC1FF47FF86FEA36282AB906367
Malicious:	false
Preview:	PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	data
Category:	dropped
Size (bytes):	22300
Entropy (8bit):	5.351338582008221
Encrypted:	false
SSDEEP:	384:0tCDZ5SQAlOwksxQPrSrnSZI1JNc7nudTdvHhsVq1dOE7RC:95cZ3aPrynFXSbud7sQFc
MD5:	69E02A7CA4B49DD401027C43EA3ACC33
SHA1:	F12DA082F50DEA4D52E2A0E795DC9757A66795AE
SHA-256:	ED48047BF46291E5BE1F04F40F4949D320D3AC9E05E28041D75D5094AD7550E5
SHA-512:	D9D2EBDB4247DDD9DED1B4C1192B9DEE25F9D022F8C5EF211F5F1B29AB88A0BE29E6E2F1C3A14E018819ED3C88A16A82EF7B7C95F0C6BF5CDC4D0BC755DE6894
Malicious:	false
Preview:	@...e.................................<.4............@..........D...............fZve...F.....x.)........System.Management.AutomationH...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHost4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_bn2wvdhj.h2i.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jbmpopxb.30w.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_wlk4xu4b.yrc.ps1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_z5wqclte.tm2.psm1 Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	very short file (no magic)
Category:	dropped
Size (bytes):	1
Entropy (8bit):	0.0
Encrypted:	false
SSDEEP:	3:U:U
MD5:	C4CA4238A0B923820DCC509A6F75849B
SHA1:	356A192B7913B04C54574D18C28D46E6395428AB
SHA-256:	6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
SHA-512:	4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
Malicious:	false
Preview:	1

C:\Users\user\AppData\Local\Temp\tmpE049.tmp Download File
Process:	C:\Users\user\Desktop\wDIaJji4Vv.exe
File Type:	XML 1.0 document, ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1646
Entropy (8bit):	5.193316411176685
Encrypted:	false
SSDEEP:	24:2dH4+SEqC/Q7hxlNMFp1/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKBttn:cbh47TlNQ//rydbz9I3YODOLNdq3Z
MD5:	81475B9DC7593991EC02E6E7BE2610AF
SHA1:	46FA27E643B1B7D0358398E47EEBE108FC111872
SHA-256:	9B514DA0E0BA2C415F45017C7EBC71FFF68D2E558AB0752F5C4A696B77D48320
SHA-512:	DDD9275E0B3108CF8B941296158BE6FEA8A0CCC6894518A5280FCD9DCFC596C50FAB0F467D7740C6EB3CD086B124E840FB72D09CA5AFF74DE9E0547E0ED565BE
Malicious:	true
Preview:	<?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>computer\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>computer\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>computer\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\catalog.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
File Type:	data
Category:	dropped
Size (bytes):	2320
Entropy (8bit):	7.024371743172393
Encrypted:	false
SSDEEP:	48:Ik/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwfk/lCrwh:flC0IlC0IlC0IlC0IlC0IlC0IlC0IlCr
MD5:	0FBED11864C03FDED0E70014DCF84578
SHA1:	453723D938A03252F705B0A104986FE4C5CA7056
SHA-256:	70F5E49EE3091777827ED661B63842061220C899A708860986E9AA1BD87C5004
SHA-512:	DB53E3F1D18171F1D86C1B9BBF6BBD07153FC3E561834A35834BC0CA1E034FEDCD83AAAE7EDF9262C4E175C3D2287B647F55282E49627EAAF587F43714204667
Malicious:	false
Preview:	Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.....@.3..{...grv+V...B.......].P...W.4C}uL.....s~..F...}......E......E...6E.....{...{.yS...7..".hK.!.x.2..i..zJ... ....f..?._....0.:e[7w{1.!.4.....&.Gj.h\.3.A...5.x..&...i+..c(1.P..P.cLT...A.b........4h...t.+..Z\.. .i.

C:\Users\user\AppData\Roaming\D06ED635-68F6-4E9A-955C-4899F5F57B9A\run.dat Download File
Process:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
File Type:	data
Category:	dropped
Size (bytes):	8
Entropy (8bit):	3.0
Encrypted:	false
SSDEEP:	3:1Ft:1Ft
MD5:	34A1E800A67FCD879983F01E669778C6
SHA1:	95BE704EB2AB8143FFDF4CFA5C395FA3798D264B
SHA-256:	8EC741E0A64410932F16F47683C066DB038F3864F3D9A4FE670F9A57257A88E4
SHA-512:	478723D86A09BCC4A1A882E7DB8C23A85FEE3ADC26258A541DCD70DFC664CA883BA5C54E6996EBB6634EDCDFCE4AA273EFB04E305E459C29BF08C2C66BE81F14
Malicious:	true
Preview:	....M..H

C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe Download File
Process:	C:\Users\user\Desktop\wDIaJji4Vv.exe
File Type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category:	dropped
Size (bytes):	663040
Entropy (8bit):	7.081468136241616
Encrypted:	false
SSDEEP:	12288:7XAH590sYmLTYUxkaMjOXB7jreGkclqR:y0sYmZxfMKXBXreGk8
MD5:	6A0C22A8A8D9524BA012910571B57D38
SHA1:	B75A74CA657F4940B251C5116BCF2D3A78773671
SHA-256:	CC9690DCDE0DFA23D657F84BC221296C45590B595D5CCA9131087638C35C8A8B
SHA-512:	9720EECE674DB4F0951AD212216FFBEB779097A51152587954547B5A43BEA909ADFC7F5DFDCF55E71A622E58D85329EFBB7FBAAA80E167D102DB971F31A85921
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 26%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K.b`..............P......D......^.... ........@.. ....................................@.....................................O........A...................`....................................................... ............... ..H............text...d.... ...................... ..`.rsrc....A.......B..................@..@.reloc.......`......................@..B................@.......H........^...p...............'...........................................0............(....(..........(.....o..........................( ......(!......("......(#......($....N..(....o....(%....&..(&.....s'........s(........s)........s........s+............0...........~....o,....+...0...........~....o-....+...0...........~....o.....+...0...........~....o/....+...0...........~....o0....+...0..<........~.....(1.....,!r...p.....(2...o3...s4............~.....+...0......

C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe:Zone.Identifier Download File
Process:	C:\Users\user\Desktop\wDIaJji4Vv.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	26
Entropy (8bit):	3.95006375643621
Encrypted:	false
SSDEEP:	3:ggPYV:rPYV
MD5:	187F488E27DB4AF347237FE461A079AD
SHA1:	6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:	255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:	89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:	true
Preview:	[ZoneTransfer]....ZoneId=0

C:\Users\user\Documents\20210404\PowerShell_transcript.216554.9U9ReEn0.20210404023626.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5801
Entropy (8bit):	5.420714350260224
Encrypted:	false
SSDEEP:	96:BZDuhdNcqDo1ZJgZIhdNcqDo1Z+xTJjZOhdNcqDo1ZEcZZ4Zz:a
MD5:	53ECFAD9EEFAF0D056B9B22C5CDB6B0F
SHA1:	D4F2C61C73CEB67ADB247EA921CD5BF218B28685
SHA-256:	878AAD413BCF6A9FD72338EBEF774FC4EAF0F6D9C553730AFB1F9CC797B4EBB0
SHA-512:	BFE0BC0E42141B9FD089CEDCBA2F88148EAA9783721B54D09F0BD3119DCC2ACD4150FF1E18654A902AE1BFBE8B3185911222512D7B76F9C2528E48005F4DE0BF
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20210404023640..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 216554 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe..Process ID: 5528..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20210404023640..******************..PS>Add-MpPreference -ExclusionPath C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe..********************..Windows PowerShell transcript start..Start time: 20210404024355..Username: computer\user..RunAs User: DESKTOP-716T77

C:\Users\user\Documents\20210404\PowerShell_transcript.216554.qbfO9BC_.20210404023623.txt Download File
Process:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type:	UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category:	dropped
Size (bytes):	5733
Entropy (8bit):	5.407583532042022
Encrypted:	false
SSDEEP:	96:BZ6hdNXqDo1ZJCZ5hdNXqDo1ZZRHJjZdhdNXqDo1ZFsZZyZh:v
MD5:	5F74AC5911D8C2C21BC9A023B35EACEB
SHA1:	010002DB241B01DAA448E55198C7176FF54B3132
SHA-256:	BDF042E980D34D15FB14DA3FFD6D1BB0A63A7A2A60DE77C72F16D112F396925F
SHA-512:	DA3E639F9AD13BD9074D34DF4AB674B21FD52A25608B46A2E16162C386699F46924C27559A87B2ADBC0304855EA7F4583BFA844F22FBECED626FDFCC49CDBD82
Malicious:	false
Preview:	.********************..Windows PowerShell transcript start..Start time: 20210404023639..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 216554 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\wDIaJji4Vv.exe..Process ID: 6104..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..******************..******************..Command start time: 20210404023640..******************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\wDIaJji4Vv.exe..********************..Windows PowerShell transcript start..Start time: 20210404024000..Username: computer\user..RunAs User: computer\user..Configuration

\Device\ConDrv Download File
Process:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1145
Entropy (8bit):	4.462201512373672
Encrypted:	false
SSDEEP:	24:zKLXkzPDObntKlglUEnfQtvNuNpKOK5aM9YJC:zKL0zPDQntKKH1MqJC
MD5:	46EBEB88876A00A52CC37B1F8E0D0438
SHA1:	5E5DB352F964E5F398301662FF558BD905798A65
SHA-256:	D65BD5A6CC112838AFE8FA70BF61FD13C1313BCE3EE3E76C50E454D7B581238B
SHA-512:	E713E6F304A469FB71235C598BC7E2C6F8458ABC61DAF3D1F364F66579CAFA4A7F3023E585BDA552FB400009E7805A8CA0311A50D5EDC9C2AD2D067772A071BE
Malicious:	false
Preview:	Microsoft (R) .NET Framework Services Installation Utility Version 2.0.50727.8922..Copyright (c) Microsoft Corporation. All rights reserved.....USAGE: regsvcs.exe [options] AssemblyName..Options:.. /? or /help Display this usage message... /fc Find or create target application (default)... /c Create target application, error if it already exists... /exapp Expect an existing application... /tlb:<tlbfile> Filename for the exported type library... /appname:<name> Use the specified name for the target application... /parname:<name> Use the specified name or id for the target partition... /extlb Use an existing type library... /reconfig Reconfigure existing target application (default)... /noreconfig Don't reconfigure existing target application... /u Uninstall target application... /nologo Suppress logo output... /quiet Suppress logo output and success output...

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit):	7.081468136241616
TrID:	Win32 Executable (generic) Net Framework (10011505/4) 49.80% Win32 Executable (generic) a (10002005/4) 49.75% Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36% Windows Screen Saver (13104/52) 0.07% Generic Win/DOS Executable (2004/3) 0.01%
File name:	wDIaJji4Vv.exe
File size:	663040
MD5:	6a0c22a8a8d9524ba012910571b57d38
SHA1:	b75a74ca657f4940b251c5116bcf2d3a78773671
SHA256:	cc9690dcde0dfa23d657f84bc221296c45590b595d5cca9131087638c35c8a8b
SHA512:	9720eece674db4f0951ad212216ffbeb779097a51152587954547b5a43bea909adfc7f5dfdcf55e71a622e58d85329efbb7fbaaa80e167d102db971f31a85921
SSDEEP:	12288:7XAH590sYmLTYUxkaMjOXB7jreGkclqR:y0sYmZxfMKXBXreGk8
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...K.b`..............P......D......^.... ........@.. ....................................@................................

File Icon


Icon Hash:	716969f0f0707169

Static PE Info

General
Entrypoint:	0x49f65e
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE
DLL Characteristics:	NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x6062EC4B [Tue Mar 30 09:15:55 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:	v2.0.50727
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	f34d5f2d4577ed6d9ceec516c1f5a744

Entrypoint Preview

Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x9f60c	0x4f	.text
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa0000	0x41fc	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0xa6000	0xc	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x2000	0x8	.text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x2008	0x48	.text
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x2000	0x9d664	0x9d800	False	0.668892609127	data	7.08932149094	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc	0xa0000	0x41fc	0x4200	False	0.279947916667	data	3.95081352234	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0xa6000	0xc	0x200	False	0.044921875	data	0.101910425663	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type
RT_ICON	0xa0140	0x25a8	dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 16777215, next used block 16777215
RT_ICON	0xa26f8	0x10a8	dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 0, next used block 0
RT_ICON	0xa37b0	0x468	GLS_BINARY_LSB_FIRST
RT_GROUP_ICON	0xa3c28	0x30	data
RT_VERSION	0xa3c68	0x392	data
RT_MANIFEST	0xa400c	0x1ea	XML 1.0 document, UTF-8 Unicode (with BOM) text, with CRLF line terminators

Imports

DLL	Import
mscoree.dll	_CorExeMain

Version Infos

Description	Data
Translation	0x0000 0x04b0
LegalCopyright	Cut Rite
Assembly Version	5.1.7.18
InternalName	SparseArray.exe
FileVersion	5.1.7.18
CompanyName	Cut Rite
LegalTrademarks
Comments	2000 Vector RD 180
ProductName	NamespaceResolveEventArgs
ProductVersion	5.1.7.18
FileDescription	NamespaceResolveEventArgs
OriginalFilename	SparseArray.exe

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/04/21-02:36:28.240119	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	50141	37.235.1.174	192.168.2.3
04/04/21-02:36:28.615607	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49715	6060	192.168.2.3	79.134.225.7
04/04/21-02:36:35.239306	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49721	6060	192.168.2.3	79.134.225.7
04/04/21-02:36:42.976818	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49722	6060	192.168.2.3	79.134.225.7
04/04/21-02:36:49.082114	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49725	6060	192.168.2.3	79.134.225.7
04/04/21-02:36:58.478341	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49729	6060	192.168.2.3	79.134.225.7
04/04/21-02:37:08.086676	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49730	6060	192.168.2.3	79.134.225.7
04/04/21-02:37:14.628009	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49732	6060	192.168.2.3	79.134.225.7
04/04/21-02:37:21.276478	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49734	6060	192.168.2.3	79.134.225.7
04/04/21-02:37:27.574430	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49735	6060	192.168.2.3	79.134.225.7
04/04/21-02:37:33.546247	UDP	254	DNS SPOOF query response with TTL of 1 min. and no authority	53	56338	37.235.1.174	192.168.2.3
04/04/21-02:37:33.680119	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49743	6060	192.168.2.3	79.134.225.7
04/04/21-02:37:42.949624	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49753	6060	192.168.2.3	79.134.225.7
04/04/21-02:37:49.167247	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49754	6060	192.168.2.3	79.134.225.7
04/04/21-02:37:55.222764	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49755	6060	192.168.2.3	79.134.225.7
04/04/21-02:38:01.360450	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49756	6060	192.168.2.3	79.134.225.7
04/04/21-02:38:07.873436	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49759	6060	192.168.2.3	79.134.225.7
04/04/21-02:38:13.888710	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49760	6060	192.168.2.3	79.134.225.7
04/04/21-02:38:21.025820	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49761	6060	192.168.2.3	79.134.225.7
04/04/21-02:38:27.399218	TCP	2025019	ET TROJAN Possible NanoCore C2 60B	49762	6060	192.168.2.3	79.134.225.7

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 4, 2021 02:36:28.250718117 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:28.389156103 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:28.389691114 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:28.615607023 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:28.767524958 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:28.798460960 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:29.217684984 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:29.351725101 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:29.776899099 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:29.910693884 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:29.911135912 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:29.911211014 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.105885983 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.249970913 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:30.250163078 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.438975096 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:30.439116955 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.439306974 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:30.439351082 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.497457981 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.573860884 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:30.574028015 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.574390888 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:30.575237989 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.575354099 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:30.575402021 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:30.575665951 CEST	6060	49715	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:30.575723886 CEST	49715	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:35.071536064 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:35.207611084 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:35.211637974 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:35.239305973 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:35.391490936 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:35.392396927 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:35.814507008 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:35.814668894 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:35.884809971 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:36.019741058 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:36.402940035 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.293689013 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.424892902 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:37.425476074 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:37.441322088 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.635685921 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:37.637685061 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.774050951 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:37.774080038 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:37.774139881 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.774168015 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.907398939 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:37.907434940 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:37.907515049 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.907562971 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.909529924 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:37.909603119 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:37.997713089 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:38.041229010 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:38.041361094 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:38.041763067 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:38.041857004 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:38.042584896 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:38.042658091 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:38.043587923 CEST	6060	49721	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:38.043687105 CEST	49721	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:42.831279039 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:42.965339899 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:42.965501070 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:42.976818085 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:43.145267010 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:43.145742893 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:43.480211020 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:43.481848955 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:43.619811058 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:43.620085955 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:43.956262112 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:43.957698107 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.146167040 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.146250963 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.146472931 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.146657944 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.284683943 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.286659002 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.287656069 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.287710905 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.289979935 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.290055990 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.290813923 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.292443037 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.422521114 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.422593117 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.422791958 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.423172951 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.424403906 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.424593925 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.424648046 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.428724051 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.428741932 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.428786039 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.428814888 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.429147959 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.430545092 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.430603981 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.557427883 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.557826996 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.558156013 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.558226109 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.558801889 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.559310913 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.559366941 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.560241938 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.561199903 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.561260939 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.561880112 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.561969995 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.562203884 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.562266111 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.563767910 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.563822031 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.564234018 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.564997911 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.565049887 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.565804005 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.566598892 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.566649914 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.567265987 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.567303896 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.567878962 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.567919016 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.568479061 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.568527937 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.693423033 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.694278955 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.694350958 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.694797993 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.694947004 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.695275068 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.695372105 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.696206093 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.696271896 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.696639061 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.696717024 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.697426081 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.697535038 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.698244095 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.698339939 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.698717117 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.698779106 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.699244022 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.699296951 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.700207949 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.700926065 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.700984001 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.701731920 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.702116966 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.702172995 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.702840090 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.702910900 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.703641891 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.704237938 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.704302073 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.705651045 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.706253052 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.706291914 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.706310987 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.706322908 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.706366062 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.706413984 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.706801891 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.706847906 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.707253933 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.707346916 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.707823992 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.707880020 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.708250046 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.708415031 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.708884001 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.709333897 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.709400892 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.709774971 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.709825039 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.710282087 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.710345030 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.710758924 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.711199999 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.711249113 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.711682081 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.712145090 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.827693939 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.837836027 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.837922096 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.842417955 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.842804909 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.842868090 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.843811989 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.844202995 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.844263077 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.844850063 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.844913006 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.845302105 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.845428944 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.850938082 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.851005077 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.862030029 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.862092018 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.862128019 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.862170935 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.862652063 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.862694979 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.863775015 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.863826990 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.865943909 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.866013050 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.869749069 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.869873047 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.870779991 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.872193098 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.872221947 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.872258902 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.872853994 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.872903109 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.873292923 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.873341084 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.873893976 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.873943090 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.874375105 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.874427080 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.876662970 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.876720905 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.877705097 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.878374100 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.878424883 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.879306078 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.879359961 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.879813910 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.879853010 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.880240917 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.881020069 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.881272078 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.881351948 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.883188009 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.883263111 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.883697987 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.883743048 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.884215117 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.884257078 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.884815931 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.884857893 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.885418892 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.885468006 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.885885000 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.885926008 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.887747049 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.889758110 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.889841080 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.891186953 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.891335964 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.891664028 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.891789913 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.892138958 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.892201900 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.892214060 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.892261028 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.892740011 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.892792940 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.896570921 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.897397041 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.897485018 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.897769928 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.897799969 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.897821903 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.897860050 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.898262024 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.898652077 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.898660898 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.898713112 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.899142027 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.901964903 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.903258085 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.903620958 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.903685093 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.906759024 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.906836033 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:44.907589912 CEST	6060	49722	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:44.907648087 CEST	49722	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:48.950289011 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:49.081015110 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:49.081245899 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:49.082113981 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:49.229156017 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:49.231091022 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:49.561443090 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:49.563170910 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:49.694825888 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:49.696223974 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:49.890439034 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:49.890554905 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:49.890810966 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:49.892640114 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.024967909 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.025265932 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.025748968 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.025832891 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.026709080 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.026856899 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.027295113 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.027358055 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.159864902 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.159929037 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.159965992 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.160003901 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.160013914 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.160041094 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.160072088 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.160320997 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.160376072 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.160939932 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.161761045 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.161963940 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.162024021 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.162333965 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.164668083 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.292330027 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.292423964 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.292763948 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.293039083 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.293807030 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.294286966 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.294369936 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.295283079 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.295742989 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.295819044 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.296278000 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.296684027 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.297245979 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.297676086 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.297748089 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.298240900 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.298907995 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.299163103 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.299243927 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.299758911 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.299823046 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.300395966 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.300493002 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.301333904 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.301400900 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.301759005 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.301830053 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.302275896 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.304718018 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.429029942 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.430222988 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.430803061 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.431700945 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.431783915 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.433339119 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.433854103 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.433929920 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.434233904 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.434494019 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.435214996 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.435271978 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.435729980 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.435786009 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.436867952 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.436932087 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.437172890 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.437242031 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.437813997 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.438199043 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.438275099 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.438339949 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.438813925 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.439279079 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.439347029 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.439769030 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.439842939 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.440257072 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.440692902 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.440831900 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.441823006 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.441910982 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.442243099 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.442776918 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.442837000 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.442866087 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.443130016 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.443816900 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.443898916 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.444202900 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.444291115 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.445245028 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.445735931 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.445816040 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.446336031 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.446875095 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.446958065 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.447283983 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.447428942 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.447489977 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.447654963 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.447844982 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.447926998 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.447995901 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.448286057 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.448406935 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.448693991 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.448760986 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.449021101 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.451441050 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.563941956 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.564265966 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.564407110 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.564487934 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.565802097 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.565881014 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.566268921 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.567289114 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.567404985 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.567802906 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.567873955 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.569432974 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.569511890 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.569840908 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.570354939 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.570426941 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.571373940 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.571810007 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.571887970 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.572648048 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.572880030 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.573255062 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.573319912 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.574026108 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.574088097 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.574800014 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.574853897 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.575248003 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.575303078 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.576141119 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.576216936 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.576883078 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.577224016 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.577342987 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.577871084 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.577969074 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.578325987 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.578403950 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.578775883 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.579252005 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.579269886 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.579313993 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.579808950 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.579875946 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.580168962 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.580473900 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.580543041 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.580833912 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.581366062 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.581442118 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.581819057 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.582175970 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.582245111 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.582773924 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.583296061 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.583372116 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.583900928 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.584033012 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.584376097 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.584443092 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.584774971 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.584836960 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.584980011 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.585421085 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.585496902 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.585758924 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.585803032 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.585891008 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.586020947 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.586538076 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.586611032 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.586695910 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.587021112 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.587094069 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.587403059 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.587627888 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.587698936 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.587937117 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.588382959 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.588494062 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.588555098 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.588902950 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.589088917 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.589179039 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.589447975 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.589690924 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.589732885 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.591434002 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.696405888 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.696491957 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.696542025 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.696615934 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.697552919 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.697623014 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.699492931 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.699515104 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.699573040 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.700016022 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.700315952 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.702060938 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.703078985 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.703170061 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.703435898 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.703586102 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.703655005 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.705048084 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.705518961 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.706032991 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.706095934 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.706453085 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.706526041 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.707727909 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.707859039 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.708065033 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.708121061 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.708432913 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.708502054 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.709058046 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.709141016 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.710264921 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.710520983 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.710612059 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.710947990 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.711905956 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.711981058 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.712449074 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.712510109 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.712588072 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.713128090 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.713412046 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.714068890 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.714171886 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.715085030 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.715162039 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.715574026 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.715806007 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.715886116 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.717000008 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.717022896 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.717094898 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.717369080 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.717438936 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.717490911 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.718055964 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.718152046 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.718950987 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.719330072 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.719451904 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.719629049 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.719703913 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.720031977 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.720055103 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.720112085 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.721132994 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.721204042 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.722121000 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.722265005 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.722342968 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.722385883 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.722438097 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.722491026 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.724706888 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.747075081 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.747180939 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.747742891 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.747826099 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.748059988 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.748246908 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.748583078 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.748691082 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.748996019 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.749069929 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.749351025 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.749444008 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.749557018 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.749587059 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.750180006 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.750269890 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.830924034 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.831866026 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.831976891 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.832909107 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.833519936 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.833957911 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.834041119 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.835067034 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.835249901 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.835383892 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.835453033 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.837481022 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.837582111 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.837953091 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.838350058 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.838439941 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.839026928 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.840043068 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.840142012 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.840466976 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.840714931 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.840992928 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.841552973 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.842422009 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.842488050 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.843045950 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.843157053 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.843331099 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.843424082 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.843887091 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.843957901 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.845125914 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.845484018 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.846920013 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.847033978 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.847121954 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.847520113 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.847917080 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.847995043 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.848983049 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.849006891 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.849060059 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.849095106 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.849970102 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.850049019 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.850972891 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.851480007 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.851563931 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.851996899 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.852467060 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.852535009 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.852919102 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.852989912 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.853430986 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.853487968 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.854242086 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.854326963 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.854332924 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.854414940 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.854454994 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.854512930 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.854871035 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.854943991 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.855890036 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.855906963 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.855954885 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.855986118 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.856429100 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.856578112 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.858038902 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.858354092 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.858442068 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.858947039 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.859463930 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.859530926 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.860279083 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.860368967 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.881174088 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.881987095 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.882080078 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.882942915 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.883111954 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.883191109 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.883655071 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.883806944 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.883933067 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.883995056 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.885162115 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.885229111 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.885651112 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.885982990 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.886499882 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.886568069 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.887002945 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.887135983 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.887197018 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.887542963 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.887981892 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.888053894 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.888134956 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.888187885 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.889002085 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.906164885 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.964144945 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.964287043 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.964509010 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.964602947 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.964899063 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.964968920 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.965423107 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.965492010 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.969588041 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.969687939 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.970088005 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.970144987 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.970372915 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.970449924 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.970876932 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.971390009 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.971467018 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.972573042 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.972647905 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.972958088 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.973467112 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.973543882 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.973963976 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.974031925 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.974895000 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.974976063 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.975480080 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.975632906 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.982706070 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.982733011 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.982781887 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.982803106 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.982804060 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.982852936 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.982907057 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.982927084 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.982980967 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.982996941 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.983021021 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.983048916 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.983061075 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.983074903 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.983114958 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.983130932 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.983180046 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.983444929 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.983525991 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.983925104 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.983992100 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.984328032 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.984384060 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.984883070 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.985327005 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.985408068 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.985481977 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.985537052 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.985932112 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.985987902 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.986321926 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.986373901 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.987063885 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.987124920 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.987535000 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.987582922 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.987853050 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.987900972 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.988318920 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.988760948 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.988809109 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.988862991 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.989391088 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.989459991 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.990022898 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.990047932 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.990077972 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.990094900 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.990448952 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.990922928 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.990983009 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.991358995 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.991519928 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.991930008 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.991991997 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.992357016 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.992403030 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.992964029 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.993016958 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.993422031 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.993556023 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.993794918 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.993851900 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.994323015 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.994374990 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.994395971 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.994438887 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.995034933 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.995085955 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.995342970 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.995388031 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:50.995457888 CEST	6060	49725	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:50.995503902 CEST	49725	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:55.193042040 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:58.343383074 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:58.477689028 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:58.477863073 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:58.478341103 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:58.624644041 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:58.624747038 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:58.960073948 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:58.963855982 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.098675013 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.098797083 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.431636095 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.431729078 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.624202013 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.624315977 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.624396086 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.760313988 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.760413885 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.760675907 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.760777950 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.761801958 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.761866093 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.762204885 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.762257099 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.892731905 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.893477917 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.893651962 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.893707991 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.894099951 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.894154072 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.896749973 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.896809101 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.897138119 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.897192001 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.898152113 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.898211956 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.898619890 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.898679018 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:36:59.899204016 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:36:59.899260044 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.025391102 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.025460005 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.026063919 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.026112080 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.026664019 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.026707888 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.027582884 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.027628899 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.028181076 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.028223991 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.028708935 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.028748035 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.029799938 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.029856920 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.030188084 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.030237913 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.031234980 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.031547070 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.031605005 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.032114029 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.032177925 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.033019066 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.033544064 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.033595085 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.034547091 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.034610033 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.035141945 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.035186052 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.035582066 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.035625935 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.158668995 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.158694983 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.158786058 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.160254002 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.160270929 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.160418987 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.160429001 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.161048889 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.161499023 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.161515951 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.161576033 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.162044048 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.162168026 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.163084984 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.163105965 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.163254023 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.164134026 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.164196968 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.165045977 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.165065050 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.165113926 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.166527033 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.166546106 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.166588068 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.166640043 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.167042971 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.168654919 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.168670893 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.168728113 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.169707060 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.170497894 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.170527935 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.170546055 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.170598030 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.171592951 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.171610117 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.171674967 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.172784090 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.172838926 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.173235893 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.173253059 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.173281908 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.173329115 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.173501968 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.173566103 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.174045086 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.174166918 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.174254894 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.174294949 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.174643040 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.174685001 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.174715996 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.174839020 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.175389051 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.175405025 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.175452948 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.175837040 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.175883055 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.291068077 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.291126966 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.291193962 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.292078018 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.292095900 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.292125940 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.292164087 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.295600891 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.295691013 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.297554016 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.297599077 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.298089027 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.298104048 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.298211098 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.298222065 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.299549103 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.299566984 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.299609900 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.300726891 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.300744057 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.300776005 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.300808907 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.301505089 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.301974058 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.302025080 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.303096056 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.303116083 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.303154945 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.303196907 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.304173946 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.304193974 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.304239988 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.304704905 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.304750919 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.305847883 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.305869102 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.305913925 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.307085037 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.307101011 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.307130098 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.307167053 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.308090925 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.308109045 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.308152914 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.308733940 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.308777094 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.309293985 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.309372902 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.309673071 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.309743881 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.310106993 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.310179949 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.310313940 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.310365915 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.310828924 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.310909033 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.311346054 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.311450005 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.311544895 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.311592102 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.312381983 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.312442064 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.312810898 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.312861919 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.313510895 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.313733101 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.313755989 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.313795090 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.313821077 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.314084053 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.314110041 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.314181089 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.314779997 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.314841032 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.315628052 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.315649986 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.315702915 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.316587925 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.316613913 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.316667080 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.316836119 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.316883087 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.317291021 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.317312002 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.317352057 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.317394972 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.317662001 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.317723036 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.317881107 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.317939997 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.318382025 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.318437099 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.422902107 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.423194885 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.423541069 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.423640966 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.424566031 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.425275087 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.425379038 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.425551891 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.427059889 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.427341938 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.429142952 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.429208040 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.431636095 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.431655884 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.431710005 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.435132027 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.435153008 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.435198069 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.435224056 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.436151028 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.436167955 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.436223984 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.436685085 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.436846018 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.437539101 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.437592983 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.438074112 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.438091040 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.438119888 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.438146114 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.439090014 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.439106941 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.439151049 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.440064907 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.440082073 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.440118074 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.440144062 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.441131115 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.441148996 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.441196918 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.442167997 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.442186117 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.442240000 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.443166018 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.443185091 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.443222046 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.443248034 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.444093943 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.444111109 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.444156885 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.445059061 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.445075989 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.445101976 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.445142031 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.445687056 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.445761919 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.446289062 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.446567059 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.446705103 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.446754932 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.448215961 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.448854923 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.449496984 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.449528933 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.449676037 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.449692965 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.449717999 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.450181961 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.450236082 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.451097965 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.451117039 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.451415062 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.451971054 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.451987982 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.452086926 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.452227116 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.452593088 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.452630043 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.453449965 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.453609943 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.453680992 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.454128981 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.454288006 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.454343081 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.454847097 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.454865932 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.454933882 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.467914104 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.555695057 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.555753946 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.555821896 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.558187962 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.558229923 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.558252096 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.558307886 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.561542988 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.561625004 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.563134909 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.564237118 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.564308882 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.564661980 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.564712048 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.568268061 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.568341017 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.568816900 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.568886042 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.571219921 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.571276903 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.571357012 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.571391106 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.572644949 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.572721958 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.572750092 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.572792053 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.573514938 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.573580027 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.573641062 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.574619055 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.574675083 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.574685097 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.574722052 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.575611115 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.575665951 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.575670958 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.575714111 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.576649904 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.576708078 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.576756954 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.576834917 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.577317953 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.577403069 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.577770948 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.577828884 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.578176022 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.578246117 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.578605890 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.578665972 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.580540895 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.580616951 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.580724001 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.581252098 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.581434965 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.581501007 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.583242893 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.583311081 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.584711075 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.584767103 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.584783077 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.584832907 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.585488081 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.585860968 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.585944891 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.586133003 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.586258888 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.586564064 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.586625099 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.587567091 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.587620974 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.587641001 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.587770939 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.588753939 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.588809013 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.588886023 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.589561939 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.590132952 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.590184927 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.590199947 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.590240955 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.590816021 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.590869904 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.590877056 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.590919018 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.591073036 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.591190100 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.591584921 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.591662884 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.592370987 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.592504978 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.597596884 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.597697020 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:00.603460073 CEST	6060	49729	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:00.603555918 CEST	49729	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:04.803759098 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:07.954035044 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:08.085469007 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:08.086188078 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:08.086675882 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:08.233685017 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:08.233944893 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:08.366079092 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:08.366457939 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:08.698690891 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:08.699105024 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:08.902262926 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:08.902350903 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:08.902571917 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:08.902633905 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.037206888 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.037307978 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.037677050 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.038080931 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.038566113 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.039179087 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.039247036 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.174864054 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.174949884 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.175152063 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.175679922 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.176078081 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.176141024 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.176748991 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.178215027 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.178355932 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.178433895 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.178491116 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.178580046 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.178634882 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.306716919 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.306781054 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.307729959 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.307796955 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.309915066 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.310000896 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.310642004 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.311558008 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.313404083 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.314970970 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.439912081 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.440006018 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.440298080 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.440360069 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.448103905 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.448658943 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.448757887 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.572252989 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.572339058 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.575176001 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.576242924 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.576356888 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.581330061 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.582134008 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.586340904 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.659276009 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.704930067 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.705035925 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.710144043 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.710370064 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.711098909 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.711191893 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.711791039 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.711867094 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.718980074 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.719609976 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.719748974 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.839539051 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.842344999 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.845829010 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.845910072 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.847311974 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.847399950 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.847615004 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.847734928 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.856573105 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.856610060 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.856647015 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.856678963 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.856688976 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.858361959 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.976716042 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.976852894 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.977946043 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.978941917 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.978972912 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.979027987 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.980456114 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.980526924 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.988125086 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.988215923 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.988929033 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.989017010 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.989861012 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.989938974 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:09.991940022 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:09.994353056 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.108948946 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.110363960 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.111841917 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.111905098 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.111952066 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.111984015 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.112767935 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.113043070 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.113436937 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.113508940 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.120393991 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.120853901 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.120924950 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.121988058 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.122061968 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.226710081 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.244127989 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.244225979 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.244843006 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.244914055 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.245923042 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.246001959 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.246879101 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.246932983 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.247417927 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.247469902 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.248404026 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.250422955 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.257153988 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.258393049 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.259452105 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.259566069 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:10.269269943 CEST	6060	49730	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:10.269370079 CEST	49730	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:14.427170038 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:14.560900927 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:14.561044931 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:14.628009081 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:14.776575089 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:14.776710033 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:15.109843016 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.109926939 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:15.244327068 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.244590998 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:15.570919037 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.571033955 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:15.784423113 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.784544945 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:15.785087109 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.785235882 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:15.916646957 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.917366028 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.917568922 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:15.917917013 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.918025017 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:15.918344021 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:15.991327047 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.060894012 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.062890053 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.065879107 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.065970898 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.066145897 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.066204071 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.067356110 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.068192005 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.068304062 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.068622112 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.068685055 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.195229053 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.195272923 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.195338964 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.195375919 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.196696997 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.196778059 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.196800947 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.196850061 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.198597908 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.198676109 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.199292898 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.199481010 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.199542999 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.200651884 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.200731039 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.201168060 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.201751947 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.201826096 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.202497005 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.202563047 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.203516006 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.203573942 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.203939915 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.203999996 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.204716921 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.204875946 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.348062038 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.348222017 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.348439932 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.348536968 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.348824978 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.348916054 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.349947929 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.350012064 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.350397110 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.350472927 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.350980043 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.351073027 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.351823092 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.351916075 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.352380037 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.352838993 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.352902889 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.353919983 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.353984118 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.354376078 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.354434967 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.354938030 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.355038881 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.355940104 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.356005907 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.356458902 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.356904984 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.356939077 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.356997013 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.357460022 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.357537985 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.358405113 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.358469963 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.358971119 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.359543085 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.361054897 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.361128092 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.361480951 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.362406015 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.362452984 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.362482071 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.362828016 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.362896919 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.363352060 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.363415956 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.364434958 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.364556074 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.365108967 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.365216017 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.365885019 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.366066933 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.366086006 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.366137028 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.454823971 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.480074883 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.482021093 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.482146978 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.482316017 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.482388020 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.482978106 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.483450890 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.483520985 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.483812094 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.483896971 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.484425068 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.484508991 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.484762907 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.484832048 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.485404968 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.485491991 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.486433983 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.486511946 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.486933947 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.487493992 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.487565041 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.487890005 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.487947941 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.488359928 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.488420963 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.489056110 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.489125967 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.489490032 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.489587069 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.492938995 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.493046045 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.493532896 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.493602037 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.494322062 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.494379044 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.494791985 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.494849920 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.495454073 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.495872974 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.495928049 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.496843100 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.496910095 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.497322083 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.497379065 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.498061895 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.498122931 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.498254061 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.498306990 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.499198914 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.499582052 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.499679089 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.499860048 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.499941111 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.500019073 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.500077009 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.500467062 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.500524044 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.500791073 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.500850916 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.501178980 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.501240969 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.501750946 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.501957893 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.502070904 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.502091885 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.502149105 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.502171040 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.502556086 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.502636909 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.503242970 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.503303051 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.503473997 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.503539085 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.503674984 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.503768921 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.504271984 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.504327059 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.504926920 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.505004883 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.505031109 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.505079985 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.505553961 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.505618095 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.505825043 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.505875111 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.505949020 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.505994081 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.513441086 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.513463020 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.513473988 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.513489008 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.513506889 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.513520002 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.513578892 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.513605118 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.585941076 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.586067915 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.615633965 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.616486073 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.616667986 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.616908073 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.616985083 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.617712975 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.617880106 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.617948055 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.618428946 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.618500948 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.622041941 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.622113943 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.622337103 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.622410059 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.624475956 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.624809980 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.624928951 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.625349045 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.625552893 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.627468109 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.627815008 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.627912045 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.628462076 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.628504992 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.628530025 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.628556013 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.628906012 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.628979921 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.629053116 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.629139900 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.629442930 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.629642010 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.629949093 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.630012989 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.630387068 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.630446911 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.631107092 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.631186008 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.631356001 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.631457090 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.633443117 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.633546114 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.634022951 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.634087086 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.634382963 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.634438038 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.634855032 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.635616064 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.635689974 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.635906935 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.635965109 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.636387110 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.636478901 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.636900902 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.636960030 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.637666941 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.637728930 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.637994051 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.638070107 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.638382912 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.638438940 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.638977051 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.639472008 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.639566898 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.640880108 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.640940905 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.641431093 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.641513109 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.642353058 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.642400026 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.642790079 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.642925024 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.643064976 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.643182993 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.643579006 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.643631935 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.643820047 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.643857002 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.643868923 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.644761086 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.645412922 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.645493984 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.646266937 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.646342039 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.646621943 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.646681070 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.647890091 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.648300886 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.648361921 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.648420095 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.648466110 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.751699924 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.751983881 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.753146887 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.753243923 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.753312111 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.753367901 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.753943920 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.753997087 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.754328966 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.754431009 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.754822969 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.754901886 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.756911039 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.757005930 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.757327080 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.757392883 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.762386084 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.762481928 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.763315916 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.764312983 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.764425039 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.764808893 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.764878035 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.765295982 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.765361071 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.765939951 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.766016960 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.766366005 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.766428947 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.766849041 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.766921043 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.767374039 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.767446041 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.767894030 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.767960072 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.768414974 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.768481016 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.768843889 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.769017935 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.769469023 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.769541979 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.770097971 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.770178080 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.770313025 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.770430088 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.902617931 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.902709961 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.902951002 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.903772116 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.903862000 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.904401064 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.904468060 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.904985905 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.905042887 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.905857086 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.905919075 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.906389952 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.906450033 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.906919003 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.907747030 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.907839060 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.908194065 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.908265114 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.908879042 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.908934116 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.909491062 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.909693956 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.910275936 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.910789967 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.910892010 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.911364079 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.911866903 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.911962986 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.912887096 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.912964106 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.913307905 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.913400888 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.913894892 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.913964033 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.914259911 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.914340019 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.914870977 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.914983988 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.915329933 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.915704966 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.915750980 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.916559935 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.916652918 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.917037010 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:16.917126894 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:16.955460072 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.035032034 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.035089016 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.035340071 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.035387039 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.035823107 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.037375927 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.037430048 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.037806988 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.037853956 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.038861036 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.038916111 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.042109966 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.042165995 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.042421103 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.042484999 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.043395996 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.043447018 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.043742895 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.043802023 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.044265985 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.044320107 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.045341969 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.045408964 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.045871019 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.045916080 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.046466112 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.046520948 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.047314882 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.047358990 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.047835112 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.047884941 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.048801899 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.048862934 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.049268007 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.049316883 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.049953938 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.050008059 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.050844908 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.051889896 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.051947117 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.052289009 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.052347898 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.052983999 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.053042889 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.053282022 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.053333998 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.053806067 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.053859949 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:17.055342913 CEST	6060	49732	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:17.055407047 CEST	49732	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:21.069308996 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:21.200396061 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:21.200830936 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:21.276478052 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:21.424196959 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:21.425188065 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:21.766340971 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:21.768348932 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:21.902525902 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:21.903307915 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.236323118 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.236448050 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.427402973 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.427607059 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.427671909 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.427737951 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.560533047 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.560601950 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.560689926 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.560741901 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.562587976 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.562663078 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.563230038 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.563297033 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.696094990 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.696204901 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.697961092 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.698031902 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.724498034 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.724586964 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.724621058 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.724673986 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.724704981 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.724719048 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.724893093 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.724953890 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.724965096 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.725022078 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.725087881 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.725148916 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.829739094 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.829864979 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.830368042 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.830456018 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.831048965 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.831132889 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.859560013 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.859643936 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.859949112 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.860007048 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.860899925 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.860965014 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.861329079 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.861387968 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.861852884 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.861921072 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.862417936 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.862478971 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.863914967 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.863980055 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.865444899 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.865520000 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.866347075 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.866413116 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.866807938 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.866864920 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.867356062 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.867409945 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.868410110 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.868480921 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.868849993 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.868910074 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.967647076 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.971503019 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.974018097 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.974164963 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.974476099 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.974546909 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.975421906 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.975488901 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.975876093 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.976043940 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.976397991 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.976494074 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.993814945 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.993911028 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.994154930 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.994950056 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.995032072 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.995445967 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.995510101 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.996125937 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.996186018 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.996889114 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.997458935 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.997522116 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.998357058 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.998416901 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.999321938 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:22.999398947 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:22.999867916 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.000967979 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.001034975 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.001307011 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.001359940 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.002032995 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.002093077 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.002342939 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.002429008 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.002777100 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.002840996 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.003360033 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.003424883 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.003947020 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.004003048 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.004508018 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.004560947 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.005342960 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.005450010 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.005955935 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.006011009 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.006433010 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.006483078 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.006864071 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.006913900 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.007441044 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.007915020 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.007972956 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.008872986 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.008922100 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.009222984 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.009273052 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.009334087 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.009380102 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.103107929 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.103527069 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.103545904 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.103615046 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.105452061 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.105990887 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.106069088 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.107012033 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.107079029 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.107343912 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.107414961 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.107990026 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.108402014 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.108493090 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.109108925 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.109193087 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.109505892 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.109579086 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.109977961 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.110045910 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.110953093 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.111022949 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.149517059 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.150001049 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.150137901 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.150605917 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.150676966 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.151119947 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.151199102 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.151947021 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.152324915 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.152435064 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.152843952 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.152904987 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.153489113 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.153564930 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.153922081 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.153990030 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.154452085 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.154517889 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.154979944 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.155040026 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.155416012 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.155926943 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.156014919 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.156419039 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.156477928 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.156892061 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.156963110 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.157373905 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.157440901 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.157849073 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.157908916 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.158425093 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.158498049 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.158898115 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.158982992 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.159612894 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.159863949 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.159945011 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.160355091 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.160423994 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.160911083 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.160981894 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.161456108 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.161531925 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.161894083 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.161962032 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.162343979 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.162431955 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.162497044 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.162575006 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.162828922 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.163176060 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.163639069 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.163913012 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.163980961 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.164547920 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.164635897 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.164752007 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.164812088 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.165433884 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.165497065 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.165810108 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.165870905 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.166436911 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.166498899 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.166867018 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.166934013 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.167403936 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.167475939 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.167906046 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.168420076 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.168502092 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.205732107 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.235321045 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.235421896 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.235749960 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.235820055 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.237440109 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.237515926 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.238091946 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.238152027 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.238449097 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.238511086 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.240369081 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.240427971 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.240458965 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.240489006 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.241082907 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.241148949 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.241353989 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.241414070 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.241923094 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.241985083 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.242445946 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.242506981 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.243343115 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.243402004 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.281660080 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.282882929 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.283072948 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.283279896 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.283368111 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.283797979 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.284394026 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.284487009 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.284797907 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.284872055 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.285495996 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.285588026 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.285953999 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.286031008 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.286433935 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.286506891 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.286962986 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.287050962 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.289361954 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.290885925 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.290966034 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.291357040 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.291429996 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.291872025 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.292473078 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.292548895 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.292871952 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.292958021 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.293416023 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.293508053 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.293917894 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.294018984 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.294343948 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.294421911 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.294850111 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.294934988 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.295936108 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.296308041 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.296396017 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.296744108 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.296818972 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.296936035 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.297007084 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.297426939 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.297501087 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.297836065 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.297903061 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.298461914 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.298543930 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.298598051 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.298666000 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.299320936 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.299438953 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.299490929 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.299993992 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.300080061 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.300658941 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.300753117 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.300841093 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.300884008 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.300919056 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.300983906 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.301419973 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.301522017 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.302033901 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.302166939 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.302298069 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.302382946 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.302891016 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.303006887 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:23.303034067 CEST	6060	49734	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:23.303134918 CEST	49734	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:27.442512989 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:27.573786020 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:27.573921919 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:27.574429989 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:27.723175049 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:27.723316908 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:28.055958033 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:28.056054115 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:28.195352077 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:28.195519924 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:28.556169033 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:28.556278944 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:28.628206968 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:28.761997938 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:29.112086058 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:29.243077040 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:29.243221998 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:29.298247099 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:29.298644066 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:29.380825996 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:29.432810068 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:29.433661938 CEST	6060	49735	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:29.433769941 CEST	49735	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:33.547703981 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:33.679539919 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:33.679636955 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:33.680119038 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:33.825735092 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:33.828490973 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:34.163163900 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.163497925 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:34.301678896 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.302241087 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:34.637352943 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.637480974 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:34.821553946 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.821743965 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:34.822043896 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.822144985 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:34.958220005 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.958283901 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.958417892 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:34.958457947 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.958498955 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:34.958575964 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.090562105 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.090660095 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.092390060 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.092458010 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.095160007 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.095187902 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.095221043 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.095237017 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.095249891 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.095274925 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.095314980 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.095325947 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.095412016 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.095621109 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.095696926 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.225822926 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.226300955 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.226397038 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.227977991 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.229830980 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.229950905 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.230695009 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.231122017 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.231254101 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.232186079 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.232527018 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.232625961 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.233187914 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.234067917 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.234260082 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.234755993 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.235594988 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.235688925 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.236006021 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.236782074 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.236870050 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.237581015 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.238044024 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.238157988 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.326431036 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.546933889 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.547036886 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.548305035 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.548322916 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.548373938 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.548402071 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.549313068 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.549438953 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.550230026 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.550295115 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.550343990 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.550403118 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.551361084 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.551433086 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.552758932 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.552829027 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.554356098 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.554420948 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.555237055 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.555314064 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.555660963 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.555727005 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.556217909 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.556282997 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.557280064 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.557339907 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.557863951 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.557929993 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.558475971 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.558535099 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.559693098 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.559756041 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.560235023 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.560298920 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.560374975 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.560432911 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.561454058 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.561522961 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.562360048 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.562386990 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.562421083 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.562447071 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.562494993 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.563186884 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.563256025 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.563594103 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.563663960 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.563932896 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.563998938 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.564271927 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.564337969 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.564997911 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.565228939 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.565233946 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.565277100 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.565304041 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.565346003 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.566483974 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.566551924 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.566612005 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.566699982 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.566701889 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.566771984 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.567118883 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.567219973 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.660022020 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.679375887 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.679514885 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.679775953 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.679856062 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.681447983 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.681541920 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.682157040 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.682219982 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.683296919 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.683366060 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.683749914 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.683836937 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.684381962 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.684456110 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.684847116 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.684925079 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.685771942 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.685854912 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.686233997 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.686356068 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.686939001 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.686990023 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.687823057 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.687884092 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.688209057 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.688271046 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.688724995 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.688791990 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.689330101 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.689393997 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.689896107 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.689959049 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.690764904 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.691181898 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.691257954 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.692157030 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.692243099 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.692267895 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.692333937 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.692789078 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.692853928 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.693761110 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.693823099 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.694190025 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.694252968 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.694770098 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.694839954 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.695225954 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.695281982 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.695914984 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.695986986 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.696152925 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.696223021 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.697017908 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.697083950 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.697110891 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.697160959 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.697351933 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.697433949 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.697777987 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.697840929 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.698484898 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.698545933 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.698724985 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.698784113 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.699074984 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.699137926 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.699264050 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.699325085 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.699711084 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.699779034 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.699995041 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.700051069 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.700356960 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.700390100 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.700422049 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.700447083 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.700750113 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.700809956 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.701277018 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.701347113 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.701792002 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.701843977 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.701945066 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.702023029 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.702224016 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.702291012 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.702338934 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.702400923 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.703068018 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.703139067 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.703203917 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.703264952 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.703524113 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.703589916 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.704262972 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.704333067 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.704442024 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.704518080 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:35.704538107 CEST	6060	49743	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:35.704595089 CEST	49743	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:39.800725937 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:42.816282034 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:42.948024035 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:42.948132038 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:42.949624062 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:43.098027945 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:43.098191023 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:43.437589884 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:43.437782049 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:43.574848890 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:43.574984074 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:43.899497986 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:43.899630070 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.088707924 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.088826895 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.088924885 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.088999987 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.221612930 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.221705914 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.222409964 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.222481966 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.222883940 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.223030090 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.223830938 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.223922968 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.354842901 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.354963064 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.355664968 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.355765104 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.357328892 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.357636929 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.357738018 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.357841969 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.357918024 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.359321117 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.359402895 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.359734058 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.359818935 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.360040903 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.360496998 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.486898899 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.487144947 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.487651110 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.487735033 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.488074064 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.488142967 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.488719940 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.488785982 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.489938021 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.490006924 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.490250111 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.490353107 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.490680933 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.490748882 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.491651058 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.491741896 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.492438078 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.492506027 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.493130922 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.493199110 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.493604898 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.493669987 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.494123936 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.494184017 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.495311975 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.495372057 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.495646954 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.495742083 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.496727943 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.496788979 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.497085094 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.497145891 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.619334936 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.619442940 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.619740009 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.619977951 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.620080948 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.620151043 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.621134996 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.621207952 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.621737957 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.622162104 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.622239113 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.622701883 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.622771025 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.623620033 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.624119997 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.624195099 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.624732018 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.624819994 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.625770092 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.625838041 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.626281023 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.626478910 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.627573967 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.627711058 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.628132105 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.629229069 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.629322052 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.629635096 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.630126953 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.630135059 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.630197048 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.630594015 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.630806923 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.631190062 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.631287098 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.632544994 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.632631063 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.632699966 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.632772923 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.633291006 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.633450031 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.633730888 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.634025097 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.634640932 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.634727955 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.635205984 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.635289907 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.635672092 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.635740042 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.636136055 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.636194944 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.636612892 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.636687994 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.637742996 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.637809038 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.638125896 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.639081955 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.639147043 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.639210939 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.639528036 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.639607906 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.640075922 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.640137911 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.751856089 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.752150059 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.752254009 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.752736092 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.752810001 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.754030943 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.754112005 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.754422903 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.754502058 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.754554033 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.754617929 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.755528927 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.755892992 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.756176949 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.756248951 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.756691933 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.756772041 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.757746935 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.757852077 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.758126974 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.758210897 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.758654118 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.759599924 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.759610891 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.759673119 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.760217905 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.760303020 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.760613918 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.760689020 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.761708975 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.761795998 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.762154102 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.762490988 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.763055086 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.763268948 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.763576984 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.763674021 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.764250040 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.764525890 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.765166044 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.765382051 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.765537977 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.765691042 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.765749931 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.766135931 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.766544104 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.766784906 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.766968012 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.767009020 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.767175913 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.767577887 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.767697096 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.767894030 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.767954111 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.768244982 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.768327951 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.768685102 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.768868923 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.769009113 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.769306898 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.769742966 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.769929886 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.770255089 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.770324945 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.770384073 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.770440102 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.770509958 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.770566940 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.771049023 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.771106005 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.771605968 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.771876097 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.772001028 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.772069931 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.772723913 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.772936106 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.773008108 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.773047924 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.773103952 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.773442030 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.773612022 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.773682117 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.774044991 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.774097919 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.774126053 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.774162054 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.774288893 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.774346113 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.774815083 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.774863958 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.774872065 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.774914980 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.775314093 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.775861025 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.775918007 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.776258945 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.776598930 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.801114082 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.885808945 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.886673927 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.886776924 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.888103008 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.888142109 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.888293028 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.888725996 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.888804913 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.889055967 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.889137030 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.889816046 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.889894009 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.890140057 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.890212059 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.891113997 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.891199112 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.891699076 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.891808033 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.892138958 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.892211914 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.893373013 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.893465996 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.893506050 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.893590927 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.894052982 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.894572973 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.894669056 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.895045042 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.895148039 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.898401976 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.898482084 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.898524046 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.898540020 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.898561954 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.898598909 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.898677111 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.899008989 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.899652958 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.899674892 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.899734974 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.900057077 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.900125980 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904036045 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904071093 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904109955 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904165030 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904194117 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904223919 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904273987 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904325008 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904325008 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904478073 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904490948 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904545069 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904628038 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904704094 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904720068 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904793978 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.904819012 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.904898882 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.905051947 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.905132055 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.905622959 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.905704021 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.905740976 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.905822039 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.906337976 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.906424999 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.906646967 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.906716108 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.907051086 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.907124043 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.907282114 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.907356977 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.907541037 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.907613039 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.907962084 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.908032894 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.908404112 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.908480883 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.909009933 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.909081936 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.909086943 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.909164906 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.909606934 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.909693956 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.909775019 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.909939051 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.910165071 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.910314083 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.910634995 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.910737038 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.910799026 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.910878897 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:44.911423922 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.911735058 CEST	6060	49753	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:44.911818027 CEST	49753	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:49.031116009 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:49.166435003 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:49.166548014 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:49.167247057 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:49.318011045 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:49.318134069 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:49.653194904 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:49.653420925 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:49.787693977 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:49.787847042 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.122970104 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.123059988 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.321165085 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.321269989 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.321902037 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.321981907 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.455507040 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.455598116 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.456442118 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.456510067 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.456996918 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.457067966 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.457856894 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.457935095 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.587992907 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.588099003 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.588440895 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.588501930 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.589489937 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.589550018 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.589941978 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.590014935 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.590439081 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.590504885 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.591440916 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.591514111 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.592012882 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.592078924 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.592483997 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.592551947 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.756969929 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.757121086 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.763267040 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.763303041 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.763382912 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.765075922 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.765171051 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.766874075 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.766973019 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.767220020 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.767292976 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.771399975 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.771498919 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.772751093 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.772845984 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.773127079 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.773192883 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.773216009 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.773282051 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.775268078 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.775320053 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.775356054 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.775357962 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.775404930 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.775443077 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.776905060 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.777009010 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.777584076 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.777628899 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.777662039 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.777686119 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.888861895 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.889187098 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.889671087 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.889807940 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.894260883 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.894499063 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.895091057 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.895203114 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.895726919 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.895843983 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.896639109 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.896723986 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.897073030 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.897223949 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.897702932 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.897802114 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.898685932 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.898785114 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.899144888 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.899292946 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.900084972 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.900167942 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.904649973 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.904742002 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.904783010 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.904789925 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.904881001 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.907664061 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.907860994 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.908108950 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.908209085 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.908808947 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.908905983 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.909271955 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.909419060 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.909861088 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.909950018 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.910232067 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.910278082 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.910305977 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.910409927 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.910666943 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.910854101 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.911098003 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.911184072 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.911854029 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.911906958 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.911956072 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.912003994 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.912208080 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.912286043 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.912651062 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.912725925 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.913208961 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.913281918 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.913328886 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.913398027 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.913769007 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.913839102 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.914165974 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.914238930 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.914654016 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.914725065 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.915164948 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:50.915231943 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:50.989667892 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.022648096 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.022845030 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.023188114 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.023281097 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.023794889 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.023895979 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.024107933 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.024189949 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.027673960 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.027808905 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.029843092 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.029895067 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.029913902 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.029956102 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.030038118 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.031132936 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.031235933 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.032346010 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.032453060 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.033189058 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.033317089 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.033756971 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.033853054 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.034919977 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.035007954 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.035284042 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.035365105 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.035731077 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.036392927 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.036648035 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.036727905 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.037164927 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.037280083 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.037550926 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.037655115 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.038126945 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.038218975 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.039052963 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.039108038 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.039134979 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.039203882 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.039593935 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.039671898 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.040170908 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.040257931 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.040606022 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.040640116 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.040685892 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.040739059 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.041110992 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.041198969 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.041966915 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.042109966 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.042119026 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.042190075 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.042690039 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.042809010 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.043329954 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.043447018 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.043566942 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.043638945 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.044126034 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.044230938 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.044671059 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.044769049 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.046328068 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.046422958 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.046833038 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.046863079 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.046880007 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.046891928 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.046920061 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.046933889 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.047020912 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.047041893 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.047046900 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.047209978 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.047298908 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.047650099 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.047744036 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.048176050 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.048261881 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.048526049 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.048603058 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.048911095 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.048994064 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.049400091 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.049489975 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.049835920 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.049926996 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.050210953 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.050295115 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.050303936 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.050376892 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.050780058 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.050865889 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:51.051286936 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.051609039 CEST	6060	49754	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:51.053812981 CEST	49754	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:55.089324951 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:55.221210957 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:55.221385956 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:55.222764015 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:55.371560097 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:55.371745110 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:55.706748962 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:55.706883907 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:55.839659929 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:55.839863062 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.174771070 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.174839973 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.369066954 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.369261026 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.372621059 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.372761965 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.501951933 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.502053976 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.502144098 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.502209902 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.506356955 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.506442070 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.507320881 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.507404089 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.635080099 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.635293007 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.635354996 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.635430098 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.636276007 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.636363983 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.636728048 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.636812925 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.638206959 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.638317108 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.638608932 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.638700962 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.640734911 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.640829086 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.641346931 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.641485929 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.769489050 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.769666910 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.769882917 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.769965887 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.770700932 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.770766020 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.771315098 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.771384001 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.771629095 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.771687031 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.772723913 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.772797108 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.773195028 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.773257971 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.773617029 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.773688078 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.774852037 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.774924994 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.775152922 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.775218964 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.776128054 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.776191950 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.776598930 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.776665926 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.777334929 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.777416945 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.778098106 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.778157949 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.778594017 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.778657913 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.779583931 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.779645920 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.902007103 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.902760983 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.902865887 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.903222084 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.903742075 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.903817892 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.904246092 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.905359030 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.905430079 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.906166077 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.906718969 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.906796932 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.907175064 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.907768011 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.907857895 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.908782959 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.909246922 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.909328938 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.909837008 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.910604954 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.910680056 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.911534071 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.911920071 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.912126064 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.912211895 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.912718058 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.912817001 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.913151979 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.913233042 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.914216042 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.914380074 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.914664030 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.914745092 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.915272951 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.915373087 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.915812016 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.915894985 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.916670084 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.916930914 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.916981936 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.917053938 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.917149067 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.917241096 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.917612076 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.917710066 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.917849064 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.917936087 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.918124914 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.918216944 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.918370008 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.918464899 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.918847084 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.918941975 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.919286013 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.919385910 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.920300961 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.920389891 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:56.920571089 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:56.920663118 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.037585974 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.037738085 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.038340092 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.038469076 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.039309978 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.039355993 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.039417982 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.039462090 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.040213108 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.040312052 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.040770054 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.040868998 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.041172028 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.041274071 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.041584015 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.041690111 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.042279959 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.042387962 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.043235064 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.043339968 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.043607950 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.043704987 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.044085026 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.044184923 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.044763088 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.044858932 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.045260906 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.045353889 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.045756102 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.045855045 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.046622038 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.046724081 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.047534943 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.047627926 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.047830105 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.047925949 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.048129082 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.048223019 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.048875093 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.048974991 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.049609900 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.049711943 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.050245047 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.050335884 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.050647974 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.050748110 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.051171064 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.051264048 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.052329063 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.052443027 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.053659916 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.053698063 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.053735971 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.053756952 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.053776026 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.053812027 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.053821087 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.053915024 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.054086924 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.054174900 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.054239035 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.054338932 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.054682016 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.054778099 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.055241108 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.055283070 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.055346012 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.055387020 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.055612087 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.055704117 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.056051016 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.056150913 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.056246996 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.056276083 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.056343079 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.056406975 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.056648970 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.056755066 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.056879044 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.056973934 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.057049990 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.057148933 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.057604074 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.057703972 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.057873011 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.057965994 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.058093071 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.058192968 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.058509111 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.058604002 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.058706045 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.058804035 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.059087038 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.059185028 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.059329033 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.059421062 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.059770107 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.059870005 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.059969902 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.060069084 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.114913940 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.170470953 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.170639992 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.170675039 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.170774937 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.171386957 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.171418905 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.171489954 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.178379059 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.178415060 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.178505898 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.178971052 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.179080009 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.179296970 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.179394007 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.180469036 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.180561066 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.181310892 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.181343079 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.181405067 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.181960106 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.181992054 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.182059050 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.182316065 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.182408094 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.183470964 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.183540106 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.183578014 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.183630943 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.183934927 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.183968067 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.184037924 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.184336901 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.184427977 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.185348988 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.185446024 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.185563087 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.185652971 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.185784101 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.185883999 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.185951948 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.186047077 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.187308073 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.187333107 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.187402010 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.187638044 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.187726974 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.187993050 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.188087940 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.188201904 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.188292980 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.188782930 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.188872099 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.189053059 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.189152002 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.190443993 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.190469027 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.190561056 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.190740108 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.190824032 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.190853119 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.190944910 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.192311049 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.192337036 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.192415953 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.192781925 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.192806005 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.192915916 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.193290949 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.193388939 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.194396019 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.194518089 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.194766998 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.194859982 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.194946051 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.195029974 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.195497036 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.195593119 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.196374893 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.196466923 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.196897030 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.196995020 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.197216034 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.197288990 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.197298050 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.197370052 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.197417974 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.197505951 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.197701931 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.197788000 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.197913885 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.198005915 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:37:57.198158979 CEST	6060	49755	79.134.225.7	192.168.2.3
Apr 4, 2021 02:37:57.198246956 CEST	49755	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:01.227227926 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:01.358809948 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:01.359122038 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:01.360450029 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:01.505892992 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:01.506136894 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:01.831342936 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:01.831608057 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:01.968389988 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:01.968625069 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.302932024 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.303050041 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.502060890 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.502299070 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.502507925 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.502871990 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.639235973 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.639280081 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.639609098 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.640074015 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.640192986 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.641055107 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.641161919 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.771809101 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.772047043 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.773412943 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.773602009 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.774379015 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.774490118 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.774810076 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.774946928 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.775882006 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.775975943 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.776385069 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.776477098 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.776967049 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.777059078 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.777844906 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.777926922 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.905941963 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.906181097 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.906927109 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.907046080 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.908348083 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.908441067 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.908922911 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.908999920 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.909799099 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.909882069 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.910279036 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.910353899 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.910926104 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.911024094 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.911817074 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.911894083 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.912276030 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.912369013 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.913402081 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.913516045 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.913893938 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.913975000 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.914344072 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.914426088 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.915314913 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.915406942 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.915796041 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.915885925 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.916524887 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.916599989 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:02.917464018 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:02.917581081 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.038451910 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.038708925 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.038909912 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.039005041 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.039320946 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.039392948 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.039993048 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.040086985 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.041493893 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.041841030 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.041920900 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.042401075 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.042483091 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.042814016 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.043108940 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.043889999 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.043984890 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.044317961 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.044400930 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.045490026 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.045581102 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.045908928 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.045988083 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.046457052 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.046536922 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.047358990 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.047425985 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.047975063 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.048052073 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.048402071 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.048482895 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.049335003 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.049416065 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.050049067 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.050137997 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.050836086 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.050914049 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.051347017 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.051418066 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.051465988 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.051557064 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.051779032 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.051868916 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.052481890 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.052567959 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.052933931 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.053009033 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.053307056 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.053406000 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.053483963 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.053555012 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.053872108 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.053950071 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.054382086 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.054457903 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.054954052 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.055032015 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.055350065 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.055423975 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.055823088 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.055924892 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.056356907 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.056457996 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.056874990 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.056953907 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.171998024 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.172264099 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.172331095 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.172521114 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.173340082 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.173455954 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.173768044 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.174249887 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.174339056 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.175460100 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.175575972 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.175776958 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.175873995 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.176347017 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.176762104 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.176835060 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.176960945 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.177252054 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.177444935 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.178180933 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.178268909 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.178853035 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.178926945 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.179250002 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.179353952 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.179857016 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.179928064 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.180284023 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.180356026 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.181348085 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.181904078 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.182008028 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.182229042 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.183367968 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.183464050 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.183892012 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.183967113 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.184370995 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.184448957 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.185427904 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.185848951 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.185930014 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.186288118 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.186361074 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.186800003 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.186872959 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.187248945 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.187326908 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.187530041 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.187591076 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.188050985 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.188122034 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.188126087 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.188191891 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.189102888 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.189210892 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.189294100 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.189536095 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.189606905 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.189956903 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.190051079 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.190088034 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.190161943 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.190454960 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.190561056 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.191304922 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.191356897 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.191658974 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.191741943 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.192225933 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.192244053 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.192351103 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.192414045 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.192663908 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.192687035 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.192759991 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.193018913 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.193120956 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.196144104 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.196264029 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.196655035 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.196760893 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.196974993 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.197036982 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.197171926 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.197233915 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.197709084 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.197796106 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.198060989 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.198152065 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.198458910 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.198515892 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.198780060 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.198865891 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.198899984 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.198955059 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.225233078 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.304863930 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.305179119 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.305321932 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.305419922 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.305893898 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.305974007 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.308446884 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.308532953 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.308722973 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.308830023 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.309454918 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.309567928 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.310281992 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.310395956 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.310679913 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.310761929 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.311408043 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.311484098 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.311847925 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.311938047 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.312360048 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.312433958 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.313556910 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.313638926 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.313750029 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.313837051 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.314331055 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.314455032 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.314884901 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.314975023 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.315332890 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.315459967 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.315882921 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.315994978 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.316880941 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.316919088 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.316976070 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.317816973 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.317955971 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.318329096 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.318406105 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.319454908 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.319545984 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.319801092 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.319890976 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.320291042 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.320379019 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.320849895 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.320979118 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.321284056 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.321412086 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.321827888 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.321983099 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.322304964 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.322421074 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.323132992 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.323256969 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.323318005 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.323407888 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.323808908 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.323911905 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.345850945 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.346009970 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.348773003 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.348925114 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.348987103 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.349095106 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.349169970 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.349733114 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.349828005 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.350019932 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.350125074 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.350455999 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.350547075 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.351144075 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.351233006 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.351495981 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.351588964 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.351654053 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.351738930 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.352054119 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.352133989 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.352538109 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.352624893 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.352716923 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.352797031 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.353054047 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.353143930 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.353442907 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.353535891 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.354096889 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.354178905 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.354621887 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.354712963 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.354815006 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.354902029 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:03.355412960 CEST	6060	49756	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:03.355499029 CEST	49756	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:07.579915047 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:07.717154026 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:07.717262030 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:07.873435974 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:08.025856018 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:08.025949001 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:08.358063936 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:08.358205080 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:08.578073978 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:08.578183889 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:08.916680098 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:08.916771889 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.102719069 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.102999926 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.103584051 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.237634897 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.237888098 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.238559008 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.238665104 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.239121914 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.239214897 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.239991903 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.240077019 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.372750998 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.372903109 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.374501944 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.374722004 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.375523090 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.375627041 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.375981092 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.376128912 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.376511097 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.376638889 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.377454996 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.377564907 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.377878904 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.377953053 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.379000902 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.379091024 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.504808903 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.504890919 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.505481958 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.505640984 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.507219076 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.507297993 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.512583017 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.512845993 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.513725996 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.513802052 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.514492035 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.514560938 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.514844894 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.514905930 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.515530109 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.516320944 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.516472101 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.516552925 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.517019033 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.517174006 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.517476082 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.517539978 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.517957926 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.518023968 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.518989086 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.519139051 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.519547939 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.519618034 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.520020962 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.520082951 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.632149935 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.644825935 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.644922972 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.645745993 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.645901918 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.645941973 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.646450043 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.646548033 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.646555901 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.646660089 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.647001982 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.647444010 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.647448063 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.647572041 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.648046970 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.648160934 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.648626089 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.648720026 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.648920059 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.648999929 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.649013042 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.649079084 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.649549961 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.649647951 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.650044918 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.650137901 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.650445938 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.650540113 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.650999069 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.651122093 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.651194096 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.651299000 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.651634932 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.651763916 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.651861906 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.651958942 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.652328014 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.652416945 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.652426958 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.652482033 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.652796030 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.653493881 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.653682947 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.653933048 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.654014111 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.654208899 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.654278994 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.654463053 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.654520988 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.654920101 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.654999018 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.655030012 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.655086994 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.655389071 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.655456066 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.655833006 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.655900955 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:09.656075954 CEST	6060	49759	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:09.656137943 CEST	49759	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:13.755109072 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:13.888077021 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:13.888164043 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:13.888710022 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:14.033036947 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:14.033117056 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:14.369069099 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:14.369213104 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:14.504087925 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:14.504343987 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:14.835561037 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:14.837934017 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.027251959 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.027307034 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.027430058 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.159243107 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.160322905 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.160444021 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.161199093 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.161587000 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.161659002 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.241661072 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.292772055 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.293591976 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.293678045 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.294184923 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.295128107 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.295222044 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.295356989 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.295521975 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.295954943 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.296102047 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.297024012 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.297415018 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.297472000 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.429361105 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.430102110 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.430187941 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.430720091 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.431962967 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.432666063 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.432702065 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.432728052 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.432754993 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.432782888 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.433509111 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.434535980 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.434598923 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.436187983 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.438019037 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.438081980 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.438410997 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.438467979 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.439122915 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.439624071 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.440268040 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.440331936 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.440500975 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.442195892 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.442270994 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.442492008 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.447945118 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.562422991 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.563343048 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.563472986 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.563636065 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.563998938 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.564397097 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.565165043 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.565241098 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.565854073 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.566572905 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.566648960 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.567122936 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.567881107 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.567950964 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.568562984 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.569569111 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.569652081 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.569761992 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.570771933 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.570836067 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.571104050 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.571762085 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.571827888 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.572766066 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.573569059 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.573631048 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.574006081 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.574637890 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.574703932 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.576581001 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.577188015 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.577272892 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.578217983 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.578866959 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.578955889 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.578958988 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.579332113 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.579400063 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.579750061 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.579986095 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.580075026 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.581377029 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.581448078 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.582691908 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.583127022 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.583168983 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.583206892 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.583230019 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.583761930 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.584091902 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.584161997 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.695777893 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.696285963 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.696635008 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.696726084 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.697124004 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.697751045 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.697820902 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.698641062 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.699026108 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.699090004 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.699677944 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.699982882 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.700323105 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.703150988 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.703224897 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.703530073 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.704164982 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.705055952 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.705130100 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.705468893 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.706002951 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.706074953 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.706566095 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.707334042 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.707405090 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.707657099 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.707984924 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.708053112 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.708532095 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.708597898 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.710342884 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.710679054 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.710743904 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.711011887 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.711123943 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.711188078 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.711291075 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.713064909 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.713146925 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.713921070 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.714288950 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.714445114 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.715617895 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.716031075 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.716104031 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.716820002 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.717067957 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.717211962 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.717365980 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.717842102 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.717911005 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.718319893 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.719048023 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.719111919 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.719944954 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.720261097 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.720290899 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.720345020 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.720655918 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.720762014 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.720841885 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.720915079 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.721884966 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.721956015 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.722239017 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.722513914 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.722575903 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.722754955 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.725941896 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.745960951 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.747153997 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.747257948 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.747878075 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.748173952 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.748254061 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.748577118 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.803415060 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.831516981 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.831723928 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.831820965 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.832376003 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.833703995 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.833784103 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.834081888 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.834584951 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.834656000 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.835000992 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.835764885 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.835834026 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.836610079 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.838009119 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.838080883 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.839257002 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.840565920 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.840635061 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.841082096 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.842082024 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.842149973 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.843095064 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.843559980 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.843667030 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.844122887 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.845215082 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.845256090 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.845283985 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.845799923 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.846282959 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.846352100 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.846605062 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.847496033 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.847568035 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.847745895 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.847841978 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.847903967 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.848284006 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.849853992 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.849917889 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.850363970 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.850438118 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.852065086 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.852606058 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.852667093 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.854146004 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.854608059 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.854882956 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.854954004 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.855034113 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.855699062 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.855761051 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.856002092 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.856518030 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.856570959 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.859765053 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.860001087 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.860083103 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.860943079 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.861004114 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:15.861865044 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:15.912789106 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.102969885 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.192595959 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.243311882 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.243443966 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.243608952 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.243676901 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.244508982 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.244585037 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.244971037 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.245047092 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.245537996 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.245616913 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.247107029 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.247179031 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.247211933 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.247267962 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.248024940 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.248097897 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.248538017 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.248605013 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.248971939 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.249061108 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.249984026 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.250058889 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.250406981 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.250474930 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.251444101 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.251528025 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.252096891 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.252171040 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.252497911 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.252567053 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.253402948 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.253489017 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.253956079 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.254038095 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.254410982 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.254477024 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.256385088 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.256460905 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.256772041 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.256846905 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.257143021 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.257185936 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.257214069 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.257236958 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.257582903 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.257649899 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.257860899 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.257921934 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.258784056 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.258831978 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.259494066 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.259542942 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.260178089 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.260236979 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.260456085 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.260504007 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.260811090 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.260853052 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.261051893 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.261097908 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.261337996 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.261388063 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.261821985 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.261868954 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.262279987 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.262326956 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.262478113 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.262523890 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.262825012 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.262867928 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.262872934 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.262923002 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.263263941 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.263320923 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.263951063 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.264002085 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.264307022 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.264359951 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.264612913 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.264657974 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.265008926 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.265057087 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.265165091 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.265209913 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.265427113 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.265474081 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.266026020 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.266076088 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.266335964 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.266382933 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.266541958 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.266590118 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.267096043 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.267174006 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.267224073 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.267291069 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.267455101 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.267509937 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.267934084 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.267983913 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.443579912 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.443773031 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.444276094 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.444365978 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.444613934 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.444675922 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.445210934 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.445275068 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.446279049 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.446333885 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.446616888 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.446667910 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.447261095 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.447315931 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.447714090 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.447770119 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.448151112 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.448209047 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.449316025 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.449369907 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.450120926 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.450177908 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.450752020 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.450804949 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.451179981 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.451232910 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.451751947 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.451807022 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.452193975 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.452248096 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.453466892 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.453526974 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.453711987 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.453772068 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.454230070 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.454288006 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.454751968 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.454812050 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.455349922 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.455414057 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.455869913 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.455925941 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.456803083 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.456857920 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.457192898 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.457247972 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.457598925 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.457659006 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.458159924 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.458230972 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.458682060 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.458750010 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.459208965 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.459276915 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.459762096 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.459841967 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.460283995 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.460354090 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.461005926 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.461045027 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.461083889 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.461107016 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.461325884 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.461425066 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.461798906 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.461863041 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.462115049 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.462174892 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.462476015 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.462547064 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.462840080 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.462908030 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.463152885 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.463211060 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.463212967 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.463268042 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.463718891 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.463785887 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.464241028 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.464299917 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.464303017 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.464360952 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.464678049 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.464737892 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.465781927 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.465823889 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.465852022 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.465878963 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.466434002 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.466494083 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.466677904 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.466737986 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.466885090 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.466947079 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.467485905 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.467556953 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.467756987 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.467847109 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.468046904 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.468086004 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.468126059 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.468148947 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.669832945 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.669960976 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.673880100 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.674048901 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.674092054 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.674185038 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.674820900 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.674902916 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.675503969 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.675601006 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.676279068 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.676371098 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.676791906 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.676872969 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.677742958 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.677839041 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.678083897 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.678174019 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.679629087 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.679708958 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.680090904 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.680160046 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.680772066 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.680864096 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.681951046 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.682023048 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.682213068 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.682286024 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.684307098 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.684372902 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.684386969 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.684442043 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.685374975 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.685461044 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.685940027 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.686034918 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.686150074 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.686237097 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.686552048 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.686678886 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.686705112 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.735112906 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.738584042 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:16.874948025 CEST	6060	49760	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:16.875008106 CEST	49760	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:20.893986940 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:21.025096893 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:21.025209904 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:21.025820017 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:21.175688982 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:21.175815105 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:21.505032063 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:21.505261898 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:21.637518883 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:21.637757063 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:21.975791931 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:21.975934982 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:22.250768900 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:22.250881910 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:22.382354021 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:22.382580996 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:22.717036009 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:22.717152119 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:22.849981070 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:22.850218058 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:22.981520891 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:22.981671095 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:23.195954084 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:23.345865965 CEST	6060	49761	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:23.346038103 CEST	49761	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:27.267406940 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:27.398732901 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:27.398874044 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:27.399218082 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:27.788862944 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:27.945677996 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:27.946018934 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:28.078221083 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:28.081015110 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:28.367448092 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:28.367909908 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:28.504832029 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:28.505760908 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:28.637608051 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:28.637862921 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:28.769426107 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:28.820293903 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:32.921188116 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:32.961124897 CEST	49762	6060	192.168.2.3	79.134.225.7
Apr 4, 2021 02:38:34.347619057 CEST	6060	49762	79.134.225.7	192.168.2.3
Apr 4, 2021 02:38:34.398925066 CEST	49762	6060	192.168.2.3	79.134.225.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 4, 2021 02:36:28.174801111 CEST	50141	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:36:28.240118980 CEST	53	50141	37.235.1.174	192.168.2.3
Apr 4, 2021 02:36:35.005397081 CEST	58823	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:36:35.055999041 CEST	53	58823	37.235.1.174	192.168.2.3
Apr 4, 2021 02:36:42.779943943 CEST	57568	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:36:42.829664946 CEST	53	57568	37.235.1.174	192.168.2.3
Apr 4, 2021 02:36:48.892271042 CEST	50540	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:36:48.944578886 CEST	53	50540	37.235.1.174	192.168.2.3
Apr 4, 2021 02:36:54.995816946 CEST	57762	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:36:55.047101974 CEST	53	57762	37.235.1.174	192.168.2.3
Apr 4, 2021 02:37:04.748682976 CEST	55435	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:37:04.802318096 CEST	53	55435	37.235.1.174	192.168.2.3
Apr 4, 2021 02:37:14.375236988 CEST	56132	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:37:14.425951958 CEST	53	56132	37.235.1.174	192.168.2.3
Apr 4, 2021 02:37:21.003932953 CEST	56579	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:37:21.056860924 CEST	53	56579	37.235.1.174	192.168.2.3
Apr 4, 2021 02:37:27.389853001 CEST	60633	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:37:27.440813065 CEST	53	60633	37.235.1.174	192.168.2.3
Apr 4, 2021 02:37:33.479202032 CEST	56338	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:37:33.546247005 CEST	53	56338	37.235.1.174	192.168.2.3
Apr 4, 2021 02:37:39.720015049 CEST	56803	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:37:39.799464941 CEST	53	56803	37.235.1.174	192.168.2.3
Apr 4, 2021 02:37:48.864392996 CEST	57145	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:37:48.921525002 CEST	53	57145	37.235.1.174	192.168.2.3
Apr 4, 2021 02:37:55.037035942 CEST	55359	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:37:55.087060928 CEST	53	55359	37.235.1.174	192.168.2.3
Apr 4, 2021 02:38:01.165364027 CEST	58306	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:38:01.216670990 CEST	53	58306	37.235.1.174	192.168.2.3
Apr 4, 2021 02:38:07.390798092 CEST	63150	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:38:07.577543020 CEST	53	63150	37.235.1.174	192.168.2.3
Apr 4, 2021 02:38:13.693104029 CEST	53279	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:38:13.753438950 CEST	53	53279	37.235.1.174	192.168.2.3
Apr 4, 2021 02:38:20.840424061 CEST	56881	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:38:20.892973900 CEST	53	56881	37.235.1.174	192.168.2.3
Apr 4, 2021 02:38:27.215109110 CEST	53642	53	192.168.2.3	37.235.1.174
Apr 4, 2021 02:38:27.264962912 CEST	53	53642	37.235.1.174	192.168.2.3

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Apr 4, 2021 02:36:28.174801111 CEST	192.168.2.3	37.235.1.174	0xcd1f	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:36:35.005397081 CEST	192.168.2.3	37.235.1.174	0x7824	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:36:42.779943943 CEST	192.168.2.3	37.235.1.174	0x8e5e	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:36:48.892271042 CEST	192.168.2.3	37.235.1.174	0xc05	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:36:54.995816946 CEST	192.168.2.3	37.235.1.174	0xc323	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:04.748682976 CEST	192.168.2.3	37.235.1.174	0xb23e	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:14.375236988 CEST	192.168.2.3	37.235.1.174	0x7aa1	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:21.003932953 CEST	192.168.2.3	37.235.1.174	0x8b21	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:27.389853001 CEST	192.168.2.3	37.235.1.174	0xae49	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:33.479202032 CEST	192.168.2.3	37.235.1.174	0x42f5	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:39.720015049 CEST	192.168.2.3	37.235.1.174	0x8dec	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:48.864392996 CEST	192.168.2.3	37.235.1.174	0x2055	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:55.037035942 CEST	192.168.2.3	37.235.1.174	0xe1c3	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:01.165364027 CEST	192.168.2.3	37.235.1.174	0x3943	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:07.390798092 CEST	192.168.2.3	37.235.1.174	0x7532	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:13.693104029 CEST	192.168.2.3	37.235.1.174	0x7aac	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:20.840424061 CEST	192.168.2.3	37.235.1.174	0x7b82	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:27.215109110 CEST	192.168.2.3	37.235.1.174	0xfd2a	Standard query (0)	james12.ddns.net	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Apr 4, 2021 02:36:28.240118980 CEST	37.235.1.174	192.168.2.3	0xcd1f	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:36:35.055999041 CEST	37.235.1.174	192.168.2.3	0x7824	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:36:42.829664946 CEST	37.235.1.174	192.168.2.3	0x8e5e	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:36:48.944578886 CEST	37.235.1.174	192.168.2.3	0xc05	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:36:55.047101974 CEST	37.235.1.174	192.168.2.3	0xc323	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:04.802318096 CEST	37.235.1.174	192.168.2.3	0xb23e	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:14.425951958 CEST	37.235.1.174	192.168.2.3	0x7aa1	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:21.056860924 CEST	37.235.1.174	192.168.2.3	0x8b21	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:27.440813065 CEST	37.235.1.174	192.168.2.3	0xae49	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:33.546247005 CEST	37.235.1.174	192.168.2.3	0x42f5	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:39.799464941 CEST	37.235.1.174	192.168.2.3	0x8dec	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:48.921525002 CEST	37.235.1.174	192.168.2.3	0x2055	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:37:55.087060928 CEST	37.235.1.174	192.168.2.3	0xe1c3	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:01.216670990 CEST	37.235.1.174	192.168.2.3	0x3943	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:07.577543020 CEST	37.235.1.174	192.168.2.3	0x7532	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:13.753438950 CEST	37.235.1.174	192.168.2.3	0x7aac	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:20.892973900 CEST	37.235.1.174	192.168.2.3	0x7b82	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)
Apr 4, 2021 02:38:27.264962912 CEST	37.235.1.174	192.168.2.3	0xfd2a	No error (0)	james12.ddns.net	79.134.225.7	A (IP address)	IN (0x0001)

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: wDIaJji4Vv.exe PID: 2788 Parent PID: 5636

General

Start time:	02:36:19
Start date:	04/04/2021
Path:	C:\Users\user\Desktop\wDIaJji4Vv.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\wDIaJji4Vv.exe'
Imagebase:	0x9a0000
File size:	663040 bytes
MD5 hash:	6A0C22A8A8D9524BA012910571B57D38
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 00000000.00000002.221605771.0000000004202000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000000.00000002.217455924.0000000003191000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: powershell.exe PID: 6104 Parent PID: 2788

General

Start time:	02:36:21
Start date:	04/04/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\wDIaJji4Vv.exe'
Imagebase:	0xb00000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 404 Parent PID: 6104

General

Start time:	02:36:21
Start date:	04/04/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: schtasks.exe PID: 3120 Parent PID: 2788

General

Start time:	02:36:21
Start date:	04/04/2021
Path:	C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\LGKyjAEnmfdSo' /XML 'C:\Users\user\AppData\Local\Temp\tmpE049.tmp'
Imagebase:	0x360000
File size:	185856 bytes
MD5 hash:	15FF7D8324231381BAD48A052F85DF04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6100 Parent PID: 3120

General

Start time:	02:36:22
Start date:	04/04/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: powershell.exe PID: 5528 Parent PID: 2788

General

Start time:	02:36:22
Start date:	04/04/2021
Path:	C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\AppData\Roaming\LGKyjAEnmfdSo.exe'
Imagebase:	0xb00000
File size:	430592 bytes
MD5 hash:	DBA3E6449E97D4E3DF64527EF7012A10
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 4812 Parent PID: 5528

General

Start time:	02:36:23
Start date:	04/04/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: RegSvcs.exe PID: 4688 Parent PID: 2788

General

Start time:	02:36:23
Start date:	04/04/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Imagebase:	0x1b0000
File size:	32768 bytes
MD5 hash:	71369277D09DA0830C8C59F9E22BB23A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RegSvcs.exe PID: 6172 Parent PID: 2788

General

Start time:	02:36:23
Start date:	04/04/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Imagebase:	0x320000
File size:	32768 bytes
MD5 hash:	71369277D09DA0830C8C59F9E22BB23A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: RegSvcs.exe PID: 6228 Parent PID: 2788

General

Start time:	02:36:24
Start date:	04/04/2021
Path:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Wow64 process (32bit):	true
Commandline:	C:\Windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
Imagebase:	0xfb0000
File size:	32768 bytes
MD5 hash:	71369277D09DA0830C8C59F9E22BB23A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Yara matches:	Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484889407.0000000006880000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484797009.0000000006840000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.485602336.0000000006D40000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.485602336.0000000006D40000.00000004.00000001.sdmp, Author: Florian Roth Rule: NanoCore, Description: unknown, Source: 0000000C.00000003.451562866.0000000004A08000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484953222.00000000068B0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484953222.00000000068B0000.00000004.00000001.sdmp, Author: Florian Roth Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.480310164.0000000003664000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484912246.0000000006890000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484912246.0000000006890000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484650289.00000000067B0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484650289.00000000067B0000.00000004.00000001.sdmp, Author: Florian Roth Rule: NanoCore, Description: unknown, Source: 0000000C.00000003.462233359.0000000004945000.00000004.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484681647.00000000067C0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484681647.00000000067C0000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.482083953.000000000466E000.00000004.00000001.sdmp, Author: Joe Security Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484707713.00000000067E0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484707713.00000000067E0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484868495.0000000006870000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484868495.0000000006870000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, Author: Joe Security Rule: NanoCore, Description: unknown, Source: 0000000C.00000002.467839599.0000000000402000.00000040.00000001.sdmp, Author: Kevin Breen <kevin@techanarchy.net> Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484846998.0000000006860000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484846998.0000000006860000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.485000098.00000000068D0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.485000098.00000000068D0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.485021734.00000000068E0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.485021734.00000000068E0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484030724.0000000005C20000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484030724.0000000005C20000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Gen_2, Description: Detetcs the Nanocore RAT, Source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, Author: Florian Roth Rule: Nanocore_RAT_Feb18_1, Description: Detects Nanocore RAT, Source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, Author: Florian Roth Rule: JoeSecurity_Nanocore, Description: Yara detected Nanocore RAT, Source: 0000000C.00000002.484199869.0000000005EC0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: dhcpmon.exe PID: 6744 Parent PID: 3388

General

Start time:	02:36:39
Start date:	04/04/2021
Path:	C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe
Wow64 process (32bit):	true
Commandline:	'C:\Program Files (x86)\DHCP Monitor\dhcpmon.exe'
Imagebase:	0x6f0000
File size:	32768 bytes
MD5 hash:	71369277D09DA0830C8C59F9E22BB23A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	.Net C# or VB.NET
Antivirus matches:	Detection: 0%, Metadefender, Browse Detection: 0%, ReversingLabs
Reputation:	moderate

Chronological Activities

Analysis Process: conhost.exe PID: 6752 Parent PID: 6744

General

Start time:	02:36:39
Start date:	04/04/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff6b2800000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: wDIaJji4Vv.exe PID: 2788 Parent PID: 5636 wDIaJji4Vv.exeCOMMON

Executed Functions

Function 05330C48, Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

N, xrefs: 05330D89

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID: N
API String ID: 0-1130791706
Opcode ID: 1ee15b06f182e9dfdb534319ce3567b51fbd2dfb586a19e40730fda62aad9ab7
Instruction ID: 7c7b00648f454f526b28d00cc57276d0eec6d1f5e899d9d3acc7f9504b5acb7d
Opcode Fuzzy Hash: 1ee15b06f182e9dfdb534319ce3567b51fbd2dfb586a19e40730fda62aad9ab7
Instruction Fuzzy Hash: 9D51ADB4D01218CFDB08DFEAC5496EDFBF6BF89304F14806AD405AB294D7785A89CB85

Uniqueness

Uniqueness Score: -1.00%

Function 05338728, Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 34213e36852bc55cec8a1698fb9953479362aab0114e5b3fd201aff0922a549a
Instruction ID: d716cafc90dfa05492dc3e9c5bb2f5553dc31036c1a8caea21c1619cb83b21ea
Opcode Fuzzy Hash: 34213e36852bc55cec8a1698fb9953479362aab0114e5b3fd201aff0922a549a
Instruction Fuzzy Hash: 1BA100B4D06208CFDB04CFAAC585AEDFBF2BF88314F24916AE415AB251E7709A41CF55

Uniqueness

Uniqueness Score: -1.00%

Function 053305B0, Relevance: 2.7, Strings: 2, Instructions: 201COMMON

Download Yara Rule

Strings

:@:r, xrefs: 053306DC
`5ar, xrefs: 05330735

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID: :@:r$`5ar
API String ID: 0-3512261011
Opcode ID: 6febbaf317b4e156abff7a9f17e93fa40e9dce7e70e4f06890c83cc0835437d1
Instruction ID: 890ac8b816fee2ee9df3f7c7ad20e2e63c203f3ad75f76af1a7d61ab134ab418
Opcode Fuzzy Hash: 6febbaf317b4e156abff7a9f17e93fa40e9dce7e70e4f06890c83cc0835437d1
Instruction Fuzzy Hash: 1C91D474E01219CFEB58DFA9C899BADBBF2BF88310F104069D509AB3A4DB715945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05330F78, Relevance: 2.6, Strings: 2, Instructions: 99COMMON

Download Yara Rule

Strings

X$ar, xrefs: 05331013
X$ar, xrefs: 05331023

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID: X$ar$X$ar
API String ID: 0-4274354868
Opcode ID: 5dc873b16f3dd3e168518b69601fd5ca358565bf57c76de0d5a9bc9852936c3a
Instruction ID: c015b79c843e6faa032e52dd668f9f0c1f227c32b1733a2e90dc5fa5ec9e04a9
Opcode Fuzzy Hash: 5dc873b16f3dd3e168518b69601fd5ca358565bf57c76de0d5a9bc9852936c3a
Instruction Fuzzy Hash: 8C41B474E01209EFDB08DFAAD591AADFBB2FF88304F10906AE80567364DB755985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0120AB26, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0120ABD5

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 6d701c707c88861675ac9e371da65b4af280954d01f2a58e618acdc4c7219d97
Instruction ID: 1d2f03fb30f25465cebf14bed980f9063fec8c29aa65fd89f7320d9e7778c66a
Opcode Fuzzy Hash: 6d701c707c88861675ac9e371da65b4af280954d01f2a58e618acdc4c7219d97
Instruction Fuzzy Hash: 5F31C572504384AFE7228B25CC45F67BFBCEF06710F08859BEE809B153D264A449CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0120BBBC, Relevance: 1.6, APIs: 1, Instructions: 91COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,E4D503A5,00000000,00000000,00000000,00000000), ref: 0120BC64

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 4bcbef413fd4b563f921f37abf320415bbfc69639c31f7aa086ee3bfd9a297b2
Instruction ID: d5d24bd4c00daef4856af36d44eee3ea88ea3f1d6452b0f0858592e042587e2a
Opcode Fuzzy Hash: 4bcbef413fd4b563f921f37abf320415bbfc69639c31f7aa086ee3bfd9a297b2
Instruction Fuzzy Hash: 9931C472404745AFE7228B64DC45F96BFACEF16310F0485ABEA449B192D224A905CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0120BABE, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0120BB65

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 5bea721fa929eb3151524f859316ec4b701113fc375cdd2021d30d0688f48732
Instruction ID: e2de08241ad5fdd7a5d00feed15cdd8e1cd8ca12112720e1376ce3626426406d
Opcode Fuzzy Hash: 5bea721fa929eb3151524f859316ec4b701113fc375cdd2021d30d0688f48732
Instruction Fuzzy Hash: 2031A175509780AFE722CF25CC85F56FFE8EF06210F08849AE9848B293D364A908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0120AC1D, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,E4D503A5,00000000,00000000,00000000,00000000), ref: 0120ACD8

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 3fc084e623234f00491d797467a70be1e209416e1e46abe34988b7452d9707be
Instruction ID: c3fa183d8f6a3c84509fbc5f08715808415a425f6dafb567370daf3c1832d292
Opcode Fuzzy Hash: 3fc084e623234f00491d797467a70be1e209416e1e46abe34988b7452d9707be
Instruction Fuzzy Hash: 94319371105384AFE722CF25CC45F62BFB8EF06314F18859AEA858B293D264E549CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0120B074, Relevance: 1.6, APIs: 1, Instructions: 82COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0120B10E

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: ab160b48e1b82b4a2f4ac33eb8e652d4e031d28a18ba9a8a2377189c5e5d8c8c
Instruction ID: df0c8999644bb7b8864ec3924c00daa89d5c34d4cb5f744847d532383d630fe8
Opcode Fuzzy Hash: ab160b48e1b82b4a2f4ac33eb8e652d4e031d28a18ba9a8a2377189c5e5d8c8c
Instruction Fuzzy Hash: 6721957540D3C06FD7138B259C51B61BFB4EF87610F0A41DBE984CB5A3D224A919C772

Uniqueness

Uniqueness Score: -1.00%

Function 0120AB56, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0120ABD5

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: e5ed63a5ee85853f20a7c83e4ae09eb95bffa133d2ab3d9a5d10fbf022d3342b
Instruction ID: 54060512aab7ca5341d7e982babf0daffce5abc2d74744658043118427cfaebd
Opcode Fuzzy Hash: e5ed63a5ee85853f20a7c83e4ae09eb95bffa133d2ab3d9a5d10fbf022d3342b
Instruction Fuzzy Hash: EA219F72500704AFE7229B19DC45F6BFBACEF18710F14895BEE459B242E664A4088B71

Uniqueness

Uniqueness Score: -1.00%

Function 0120BAF2, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 0120BB65

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 0279c82aa278f7776a78448cd1307785be2b41d87945614ecd939a343a86258b
Instruction ID: c7636b7bd3b68294e7475752ff0e2860e97c9f88077b328d8bce1bb80cfda7b5
Opcode Fuzzy Hash: 0279c82aa278f7776a78448cd1307785be2b41d87945614ecd939a343a86258b
Instruction Fuzzy Hash: 9F217F75500640AFE731DF29D885B66FBE8EF04610F1485AAEE458B286E775E404CA61

Uniqueness

Uniqueness Score: -1.00%

Function 0120BBFA, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

GetTokenInformation.KERNELBASE(?,00000E2C,E4D503A5,00000000,00000000,00000000,00000000), ref: 0120BC64

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 2c47f4459fef8f4bb48d68be143d175720921d6cbdb3f2ad92d22040120735e5
Instruction ID: 03e71aa442897fbccb095bb9ac8075d3dc286dbb1cd5c7544502775a961b835b
Opcode Fuzzy Hash: 2c47f4459fef8f4bb48d68be143d175720921d6cbdb3f2ad92d22040120735e5
Instruction Fuzzy Hash: DA11C071500204AFEB228F65DC45FABBBACEF05310F04856BEA459B251D674A4088B71

Uniqueness

Uniqueness Score: -1.00%

Function 0120AC5E, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,E4D503A5,00000000,00000000,00000000,00000000), ref: 0120ACD8

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9f566c20a65729e5f642026e8c29b81d3fcb564845782701386a1b732746d752
Instruction ID: e3faf74f4c0f321ddce366fab553ed53705edecc0da9eb6897af358515fad305
Opcode Fuzzy Hash: 9f566c20a65729e5f642026e8c29b81d3fcb564845782701386a1b732746d752
Instruction Fuzzy Hash: 60218C71610704AFEB22CF19CC85FA7BBECEF04710F44856AEA459B292D660E408CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0120B3B9, Relevance: 1.6, APIs: 1, Instructions: 65libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0120B435

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: 49e3818414686195edbe93e0e6957a390cfebe957981dcb6c4a7063841be72db
Instruction ID: dbd181e624b8d3ca78ff2125567e9116d3f63635506aba9b7b57449d89e98698
Opcode Fuzzy Hash: 49e3818414686195edbe93e0e6957a390cfebe957981dcb6c4a7063841be72db
Instruction Fuzzy Hash: 5F21C375408380AFE7228F25DC44B62BFE8EF06210F09808AEE84CB293D265A508CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0120A5AF, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0120A61A

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 31db1ac4b0ecaea3f023223438d564ee02a92764d8105c474a4e654e2be3ef01
Instruction ID: a30c81391385ef41adce5a4fe575a194810c022a31e77348a7490db0a1cebb33
Opcode Fuzzy Hash: 31db1ac4b0ecaea3f023223438d564ee02a92764d8105c474a4e654e2be3ef01
Instruction Fuzzy Hash: CA118471409380AFDB238F55DC44A62FFF4EF4A210F0885DAEE858B163D275A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0120A65A, Relevance: 1.6, APIs: 1, Instructions: 59COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0120A6CC

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 6770d1adc8a6a6fd39467bc27bd77bbd421d09c44797ee5deebadd0c6e99b063
Instruction ID: de650aa4da1e12e59b0b2818131367b55f343b8c0c213d523bc1883e0d698178
Opcode Fuzzy Hash: 6770d1adc8a6a6fd39467bc27bd77bbd421d09c44797ee5deebadd0c6e99b063
Instruction Fuzzy Hash: 941159754093C49FDB138B25CC94A52BFB4DF07220F0A80DBD9858F1A3D2699948CB72

Uniqueness

Uniqueness Score: -1.00%

Function 0120A2D6, Relevance: 1.6, APIs: 1, Instructions: 57COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0120A32C

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 5b1d647bb51bc711d08bb4e410a056fc951dc444b62a5b321468de363105bd64
Instruction ID: cff47b7e22c950690e8f6be0d78b46021d27f23e2140d41e4bf845f2b5f9f698
Opcode Fuzzy Hash: 5b1d647bb51bc711d08bb4e410a056fc951dc444b62a5b321468de363105bd64
Instruction Fuzzy Hash: 60119471509384AFDB138F29DC94B56BFA4DF46220F0880EBED858F653D2759908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0120A9F0, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 0120AA4A

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 9741b6840005f41f41382bb63a3909c4893051b52c4c20dfab65222e45767d70
Instruction ID: 073aa26c8899c4a6afb8635af75967f405fabd839d4dcfd5e6bacfda1e211844
Opcode Fuzzy Hash: 9741b6840005f41f41382bb63a3909c4893051b52c4c20dfab65222e45767d70
Instruction Fuzzy Hash: F6118231409784AFD7228F15DC44B52FFF4EF06220F08C5DAEE854B263D275A558DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0120B3EA, Relevance: 1.5, APIs: 1, Instructions: 46libraryCOMMON

Download Yara Rule

APIs

LoadLibraryShim.MSCOREE(?,?,?,?), ref: 0120B435

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: LibraryLoadShim
String ID:
API String ID: 1475914169-0
Opcode ID: ec514256599bc7bfbad25149c8338e170dd018628ee42a3d669f5e09fb60e259
Instruction ID: 6d5bd4c11c4e0b86e6a8d307099cb119be69ce5efd1b4b3a91e8f7d5a831c2b7
Opcode Fuzzy Hash: ec514256599bc7bfbad25149c8338e170dd018628ee42a3d669f5e09fb60e259
Instruction Fuzzy Hash: 660180759106049FEB21DF19D845B22FFE4EF04710F08815ADE499B353D6B5E508DB72

Uniqueness

Uniqueness Score: -1.00%

Function 0120A5D6, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0120A61A

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 94a1b4a626ab40e26b8649ad9fd4910683699eaa24d121699ea3c6162422ba50
Instruction ID: 8433b97ded51b5ff89770fb1a3acf903a00357c833b2229e07142c63070046a6
Opcode Fuzzy Hash: 94a1b4a626ab40e26b8649ad9fd4910683699eaa24d121699ea3c6162422ba50
Instruction Fuzzy Hash: 27015B72410700EFDF228F55D844B56FFE0EF48720F08C5AADE494B652D275A418DF61

Uniqueness

Uniqueness Score: -1.00%

Function 0120B0BE, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0120B10E

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 88eef779ac58d1dc30f3c193fdb0df0d719a4fa972b74cb08f6f1f53e00636a3
Instruction ID: deb56c7ab016c42d9146b26bff8ee4650c18bd533392867c918e73e808349955
Opcode Fuzzy Hash: 88eef779ac58d1dc30f3c193fdb0df0d719a4fa972b74cb08f6f1f53e00636a3
Instruction Fuzzy Hash: 0B01AD72500600ABE710DF16DC82F26FBA8FB88B20F14815AED084B741E335F916CBE6

Uniqueness

Uniqueness Score: -1.00%

Function 0120A2FA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 0120A32C

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: a7060f7d6ecf3b8b0b3e09ef5f91dccdf4e31820be3da675c65972315b9908a8
Instruction ID: 5100bbdd7cab5059da724b7068dbd7df8e8029ef4a5d83b36544cf6a376760aa
Opcode Fuzzy Hash: a7060f7d6ecf3b8b0b3e09ef5f91dccdf4e31820be3da675c65972315b9908a8
Instruction Fuzzy Hash: 5501DF71900340DFEB118F29D885766FF94EF04220F48C1ABDE498B252D6B4A408CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0120AA12, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32 ref: 0120AA4A

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: ba0cb3689f7ae2e50caa1daa4bcc341b6c7622d83289d2f315a0c643dab19bfe
Instruction ID: da8b6f6da5ac67a9d116a08e4f70c52a14cc932531b839eda32f703621e62186
Opcode Fuzzy Hash: ba0cb3689f7ae2e50caa1daa4bcc341b6c7622d83289d2f315a0c643dab19bfe
Instruction Fuzzy Hash: D501AD31410704DFDB228F19D985716FFA0EF08720F08C19ADE490B292D2B5A448DF62

Uniqueness

Uniqueness Score: -1.00%

Function 0120A69A, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0120A6CC

Memory Dump Source

Source File: 00000000.00000002.215942440.000000000120A000.00000040.00000001.sdmp, Offset: 0120A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 13956b4d745b60450e7727e6f42eba47b244d08ff147a8e5b08a90a132156002
Instruction ID: fa2dd0876cc6518d83db6c55268cbdb538a49223c96bcc99050f779e3e885e40
Opcode Fuzzy Hash: 13956b4d745b60450e7727e6f42eba47b244d08ff147a8e5b08a90a132156002
Instruction Fuzzy Hash: C0F0AF34810744DFDB11DF19DC85762FFA0EF44320F58C19ADE494B257E2B9A448CE62

Uniqueness

Uniqueness Score: -1.00%

Function 053305A0, Relevance: 1.4, Strings: 1, Instructions: 177COMMON

Download Yara Rule

Strings

:@:r, xrefs: 053306DC

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID: :@:r
API String ID: 0-1441432688
Opcode ID: a5ad6a5d416833d9c7b4e46a5b3b44f689051dbab14af7ca720365b423830050
Instruction ID: 2814f5a27c2673c1eeff0393afa9780e4525a60bb10762fdae7bf8150c8ae387
Opcode Fuzzy Hash: a5ad6a5d416833d9c7b4e46a5b3b44f689051dbab14af7ca720365b423830050
Instruction Fuzzy Hash: 6771F474D01218CFEB58CFA9C499BADBBF2BF48310F1081A9D409AB3A0DB719945CF50

Uniqueness

Uniqueness Score: -1.00%

Function 05330F67, Relevance: 1.4, Strings: 1, Instructions: 103COMMON

Download Yara Rule

Strings

X$ar, xrefs: 05331013

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID: X$ar
API String ID: 0-3528744091
Opcode ID: 32126c1fdbd0b83299d91cff031a2ab676a88e3582c81794c7970c9724ed2639
Instruction ID: 877994ce4f8a5fd0408bda51fa1fb2da3dd83ee06971c9650592e7deee53dc0d
Opcode Fuzzy Hash: 32126c1fdbd0b83299d91cff031a2ab676a88e3582c81794c7970c9724ed2639
Instruction Fuzzy Hash: 5441F774E05248EFDB09CFAAD590AADFBB2FF88300F14806AE80567265DB755985CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0533C628, Relevance: .2, Instructions: 186COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117ddf2a0bcf66e18c991503b54d256877b0f6e37c643f486b0e77501edea481
Instruction ID: f42505521fdfec89775a59c548123f799ab6a78207453fa111f78b945ff2e2fb
Opcode Fuzzy Hash: 117ddf2a0bcf66e18c991503b54d256877b0f6e37c643f486b0e77501edea481
Instruction Fuzzy Hash: 8B61B074D0920CCEDB14CFA5C98ABEDBBB6BF49304F24A42AE405B7240DB749985CF14

Uniqueness

Uniqueness Score: -1.00%

Function 05331CDE, Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5dbbeaac683ea3357ff7f9e831df64581298d2b5ee9cbab4670e4f9dfd133df2
Instruction ID: 8b4131cea886cde1452106acad2aa214d61d6c0d8ff7c583da778b6ff4044080
Opcode Fuzzy Hash: 5dbbeaac683ea3357ff7f9e831df64581298d2b5ee9cbab4670e4f9dfd133df2
Instruction Fuzzy Hash: 2671EFB4E002188FCB14CFAAC491AADBBF2FF49314F648556E418EB355E731A981CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0121AA37, Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c10e5e1355939162179669ac0e0af340b85acf6205b727b83f366a3a18a519c
Instruction ID: 400f470b19eb6c84c2de9d95ab62ef77736dd36d0fcd2b2809f9776cc017faf8
Opcode Fuzzy Hash: 4c10e5e1355939162179669ac0e0af340b85acf6205b727b83f366a3a18a519c
Instruction Fuzzy Hash: 74518676509380AFD702CF25DC41957FFF4EF86620F09889FF9889B212D275A909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05330280, Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe06f65ec28db3b773ab047b9c4053d831bbb9d6b5413481ea64fb42858b1404
Instruction ID: f917096ff1461de34e3f85b2f938d050aba1210a72746076c1888e72a5a3f09e
Opcode Fuzzy Hash: fe06f65ec28db3b773ab047b9c4053d831bbb9d6b5413481ea64fb42858b1404
Instruction Fuzzy Hash: AE417B78A00218DFDB14DFA8C885BADBBF2BB4D710F105495E902AB3A4D775A950DF60

Uniqueness

Uniqueness Score: -1.00%

Function 0121A6D8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0f4be3561346dd2d8cbc88b1f78b1edd3bcf25037e69d7498a3f83b05d79fa0
Instruction ID: 6fb5801374477f5e493862476521fbcb2f437c4f8134d6e9357dd6fcc684411e
Opcode Fuzzy Hash: a0f4be3561346dd2d8cbc88b1f78b1edd3bcf25037e69d7498a3f83b05d79fa0
Instruction Fuzzy Hash: 2F31A2B6504344AFE710CF15EC41E67FFE8EB89630F14C86EFD499B211D275A8048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0121A5AC, Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd3011e65b7e27b5feadf5cbd26b9847c8d3d5fb53bf1977737d9467b80d0869
Instruction ID: cbb8e4a3087a8721e9e87572a6fe234a702f16fb9e611def4b853541daf7493e
Opcode Fuzzy Hash: fd3011e65b7e27b5feadf5cbd26b9847c8d3d5fb53bf1977737d9467b80d0869
Instruction Fuzzy Hash: 7721D376545344BFE7118F05EC41E63FFE8EB89630F18C46EFD499B211D276A8058BA1

Uniqueness

Uniqueness Score: -1.00%

Function 0121A944, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72892c908c1df6217620d0ee49221516e6504584a9a3cfac5932e31bc53b2a46
Instruction ID: 2eca3f099dd93181af2e345c7338bdb9c39279315f61a020cc15624874a45bb8
Opcode Fuzzy Hash: 72892c908c1df6217620d0ee49221516e6504584a9a3cfac5932e31bc53b2a46
Instruction Fuzzy Hash: DD214FB6504304BFE610CF49EC41E57FFE8EB88A60F14C91EFD4997211D275A9148FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0121A818, Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc3ba3fef29f5f4bfdce78d550fd89d2f8b25d65341abe2dce62d6d78ecb3396
Instruction ID: b26ef8ffc199425b39009f5456decfad708615fee7f680be7f48917550835ffc
Opcode Fuzzy Hash: cc3ba3fef29f5f4bfdce78d550fd89d2f8b25d65341abe2dce62d6d78ecb3396
Instruction Fuzzy Hash: 5A214FB6544304BFE610CF49EC41E67FBE8EB88A60F14C91EFD4997210D275A9148BA2

Uniqueness

Uniqueness Score: -1.00%

Function 053309E1, Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bbd20a2d7e8a2db56d223c95afb81ff88fee7667cbc1b27c40d50332081ad4cd
Instruction ID: ccf3a87ec54c4dcaa61a4a4bb625d15135a807e4dc585f8b5291daa693b362e7
Opcode Fuzzy Hash: bbd20a2d7e8a2db56d223c95afb81ff88fee7667cbc1b27c40d50332081ad4cd
Instruction Fuzzy Hash: BE316934E01209EFCB05EFA4D994AEEBBB2FF99300F2045A9D8046B394CB355E55DB50

Uniqueness

Uniqueness Score: -1.00%

Function 05330C38, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37c079479ffec3f3ef5893181ca68822cbc3dbfda787cb0f82d529a35f0d321c
Instruction ID: 2114904586a987a54200c9b6b39234e1f8193bedd9217c70c0cd107320e609c1
Opcode Fuzzy Hash: 37c079479ffec3f3ef5893181ca68822cbc3dbfda787cb0f82d529a35f0d321c
Instruction Fuzzy Hash: CC319FB4D05248CFDB18CFEAC54469EFBF2BF98300F24C16AD408AB258DB755A46CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0121A3A8, Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eb84b5100b11b8157ecaeac690b72c408c66ddabd4081737ea7fcfb60196248f
Instruction ID: e004bdb191be11425259347483052e6f34a03a81396e681caf4a719b90af60d4
Opcode Fuzzy Hash: eb84b5100b11b8157ecaeac690b72c408c66ddabd4081737ea7fcfb60196248f
Instruction Fuzzy Hash: EF218476544304BFE6108E46EC41D67FFACEB88A70F14C51EFE4957210D276B9148BA5

Uniqueness

Uniqueness Score: -1.00%

Function 05330E4A, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d59fd4386fa195936c228b42a08c6cd6c50a6618a823624f2a03a9e2e6ecbc24
Instruction ID: a698daa33c456c2f6cd6ef21d62f873fe93b843b5aab96477691f1857068df4c
Opcode Fuzzy Hash: d59fd4386fa195936c228b42a08c6cd6c50a6618a823624f2a03a9e2e6ecbc24
Instruction Fuzzy Hash: 0F21ACB0D09348EFCB09DFA5C855AAEBBB1FF46300F1081AAD811AB391DB341A44CF91

Uniqueness

Uniqueness Score: -1.00%

Function 053309F0, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 489b919c93883acd38f61b0dfc306d08c7b4f2a780da21b248105eb050eeff90
Instruction ID: 610562daed0083465149d95ba399359d63b41d543595d3dea63250ca8d64e2b4
Opcode Fuzzy Hash: 489b919c93883acd38f61b0dfc306d08c7b4f2a780da21b248105eb050eeff90
Instruction Fuzzy Hash: 06314B34E01209EFCB04EFA4D585AAEBBB2FB98300F2045A9D80567354CF359E55CF90

Uniqueness

Uniqueness Score: -1.00%

Function 05330006, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc4a38d90fb554fe01e5e8ee526247f7de78baf7a4150b057650bbf2acadd37c
Instruction ID: 6acdb82fd77f0f8276a64fe1d11033479b5caf9bf9f3846da53529f3402c7e00
Opcode Fuzzy Hash: cc4a38d90fb554fe01e5e8ee526247f7de78baf7a4150b057650bbf2acadd37c
Instruction Fuzzy Hash: CB21303045E3858FD7168B74D8657A6BFB0EF07214F0948EBC450DB1A3D6786858DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0121A95A, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d912a68790abadca81f597674eb8fe5b50c4f2400006b1ab55b68ddb052deeda
Instruction ID: a51d87fc883ff1870048a0060bdabaf2c4604761f6515e83ffe329413f4d298c
Opcode Fuzzy Hash: d912a68790abadca81f597674eb8fe5b50c4f2400006b1ab55b68ddb052deeda
Instruction Fuzzy Hash: 82212FB6544304AFE650CF09EC41E57FBE8EB88630F14C92EFD4997311D275A9148FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0121A82E, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24f1b2314e07e3ad6d9f6a8af60f348a1c9fdc9625710f50842a67d12ae6f524
Instruction ID: e8d827957be731d01057686d0f47bdc4942aac89c135a1b608e945e004a164b9
Opcode Fuzzy Hash: 24f1b2314e07e3ad6d9f6a8af60f348a1c9fdc9625710f50842a67d12ae6f524
Instruction Fuzzy Hash: 2B212FB6544304AFE650CF49EC41E57FBE8EB88630F14C92EFD4997311D275A9148BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0121A702, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 870dcb53b9da8c76500acff0fbe96aa4183e4f1c72183cbf6e08e51a748c40b2
Instruction ID: ed7baa0b7fec1dfe85732e0e8712350b331af8b2eb38536ce95a36f661a5b966
Opcode Fuzzy Hash: 870dcb53b9da8c76500acff0fbe96aa4183e4f1c72183cbf6e08e51a748c40b2
Instruction Fuzzy Hash: 9E212FB6644304AFE750CF09EC41E57FBE8EB88670F14C92EFD4997311D275A9148BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0121A190, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74ccca758a40571fefac0c99362ed519a1f8b714ff5e907a20d2b020af82a095
Instruction ID: 0b8fb43edf26c3cd89ac7bc0a49f636fa2a5ae5179efd1b33326798ce65c27e1
Opcode Fuzzy Hash: 74ccca758a40571fefac0c99362ed519a1f8b714ff5e907a20d2b020af82a095
Instruction Fuzzy Hash: 7F11DA72540304BFE6108E06EC41E63FFACEB84A70F14C51EFE0957200D672B9148BB5

Uniqueness

Uniqueness Score: -1.00%

Function 0121A3BE, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8adf7d9984ba6b630fc87d509a714d48142cb5bb46e62440ef1da2c80451bbb0
Instruction ID: cc6660959328fe4be26b8777f7cb83394294c24119a0c9e93e75e77866690ad1
Opcode Fuzzy Hash: 8adf7d9984ba6b630fc87d509a714d48142cb5bb46e62440ef1da2c80451bbb0
Instruction Fuzzy Hash: 15119376544304BFE6108F0AEC41E67FBE8EB88630F14C56AFD095B311E276A5148BA2

Uniqueness

Uniqueness Score: -1.00%

Function 0121A5D6, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4c7143f9ea0e303d05bf6ff6cf74eaf59593f710f7b3fe818331b1627047b9d
Instruction ID: 68efa31ee9085d8aeeb794f6559801d732e4c7c39ba58b5473d8b3232aaa54a6
Opcode Fuzzy Hash: d4c7143f9ea0e303d05bf6ff6cf74eaf59593f710f7b3fe818331b1627047b9d
Instruction Fuzzy Hash: 9E119376544304BFE6108F0AEC41E67FBE8EB88630F14C56AFD095B311E276B5148AA2

Uniqueness

Uniqueness Score: -1.00%

Function 05332198, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99994c1802d4626f95f4752ce3b8b34c89acdc1c383fd5cd84afb7321e927e6f
Instruction ID: 897627ca537258178c8a14e31609852aa905d635688a2a8852c43bc10d77ab38
Opcode Fuzzy Hash: 99994c1802d4626f95f4752ce3b8b34c89acdc1c383fd5cd84afb7321e927e6f
Instruction Fuzzy Hash: ED310474A10218CFDB24DFA4D884BDDBBB1FB44314F1085AAE80AA7390DB749E84CF60

Uniqueness

Uniqueness Score: -1.00%

Function 0121A62C, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 474af87f6898ed9acc7bd9beae0f9aa4d815685cfdbc6664cafb6b612011d3bf
Instruction ID: b400364d6bae8f81dd9563ae438b6ba253d6fe1e264b679c2ba1a5197787ab7b
Opcode Fuzzy Hash: 474af87f6898ed9acc7bd9beae0f9aa4d815685cfdbc6664cafb6b612011d3bf
Instruction Fuzzy Hash: 1C214FB550D380AFD702CF15DC51957BFE4EF8A620F09899AF9889B252D235A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 05331225, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ad2eb520838f397c63a328925f1ed15a30c5f779549239ad024f16e166c872ea
Instruction ID: bbf92a2aec2662fe15c9db85f08ea29a5d573dd2617ab358d1a5098568510751
Opcode Fuzzy Hash: ad2eb520838f397c63a328925f1ed15a30c5f779549239ad024f16e166c872ea
Instruction Fuzzy Hash: 0D3179B4E012289FDB64DFA8D985B9DBBF2BB48214F1081A9E809A7251DB319984CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0121A1A6, Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2f04b2f3305319eed8310a3faf765facb4e531476b705238315ebc83c75f67
Instruction ID: cd7a27b1de305218428f364e44783ee412d46593dae5f449e811988d4663daa6
Opcode Fuzzy Hash: 3b2f04b2f3305319eed8310a3faf765facb4e531476b705238315ebc83c75f67
Instruction Fuzzy Hash: 7F11CA72640204BFE6108E0AEC41E63FB9CEB88A30F14C56BFE095B211D276B5148FB5

Uniqueness

Uniqueness Score: -1.00%

Function 0124075C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.216030611.0000000001240000.00000040.00000040.sdmp, Offset: 01240000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ae51e54cb534ba7f8312d5b8402f7101ed505b2ebf769a87e53c77ca7358844
Instruction ID: 0f9b471210baffd92569a8ebe29d954b3147f71a652d4f387db5d426f074c834
Opcode Fuzzy Hash: 6ae51e54cb534ba7f8312d5b8402f7101ed505b2ebf769a87e53c77ca7358844
Instruction Fuzzy Hash: 1611D534214244DFD309CB14C980F66BB91AB89708F24C59CFA491B643C77BD843CE56

Uniqueness

Uniqueness Score: -1.00%

Function 01240701, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.216030611.0000000001240000.00000040.00000040.sdmp, Offset: 01240000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe150c441824086c811b766bb20597aea318c43ca785ec5bd23fc857ea50f238
Instruction ID: ac12161587fd87702cd92253e18fdf9e16cc360208253789d32bb7fb84c6e2f9
Opcode Fuzzy Hash: fe150c441824086c811b766bb20597aea318c43ca785ec5bd23fc857ea50f238
Instruction Fuzzy Hash: FE216F3511D3C09FC70BCB20C850B95BFB1AB47704F2985EEE6848B6A3C23A9846DB53

Uniqueness

Uniqueness Score: -1.00%

Function 053300F8, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b27620ca429ec48f20a2d56c0d1aad83c0ad21121d8f78942755db60144e6b
Instruction ID: 44bbd0ecdab10805a8f33cb84030df8a05d98a73be621913ef5e2cee8962bf8d
Opcode Fuzzy Hash: b8b27620ca429ec48f20a2d56c0d1aad83c0ad21121d8f78942755db60144e6b
Instruction Fuzzy Hash: D9217534A1024BDFDB05EFA8E4485ADBBB2FF61304B10456AD90197359DFF15E41CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0121AAF5, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae14c550941f3f9a108970fe7a4ffbbaa3b80430109a203ce47b97f36df8f1e4
Instruction ID: 0a5a656745d7ed19766a8e7d171b66d7361316e5856abe6be0d0d35edc4e8b16
Opcode Fuzzy Hash: ae14c550941f3f9a108970fe7a4ffbbaa3b80430109a203ce47b97f36df8f1e4
Instruction Fuzzy Hash: 1111E9B5908305AFD340CF19D881A5BFBE4FB88660F04892EF998D7311E375E9048FA2

Uniqueness

Uniqueness Score: -1.00%

Function 0124073A, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.216030611.0000000001240000.00000040.00000040.sdmp, Offset: 01240000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac00b467f5d6715e5c45c0d89c5d905af309599d76259e75a6e4cf3ca65c8ad5
Instruction ID: fffa041154f88bfca6b492a7fbc01ffc4f6005c76925ad205aba1ed5a1d7dc85
Opcode Fuzzy Hash: ac00b467f5d6715e5c45c0d89c5d905af309599d76259e75a6e4cf3ca65c8ad5
Instruction Fuzzy Hash: 771181351093C59FC70BCB24C950B55BFA1AF46704F1985DAEA884B6A3C33A9853DB92

Uniqueness

Uniqueness Score: -1.00%

Function 05330108, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 855193ad98444290d7cbad318caa0f89ebec851f06f1fe239f360500ab70bd60
Instruction ID: 58d9ae05bdce1a63ee90bef2c2ac55df42df40387a0bf2312ed69a7f41e8f561
Opcode Fuzzy Hash: 855193ad98444290d7cbad318caa0f89ebec851f06f1fe239f360500ab70bd60
Instruction Fuzzy Hash: 89113034A1020BDFDB15EFA8E4485ADBBB2FFA1304B10466AD90157359DFF16E41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 053310C8, Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f3482dfe0cd448618dacefdf8a02c93e20f003cb28c0558a8e8d6f5966acea3
Instruction ID: 602985e5b246a0f07941cef043cfe5cd106efc100cde0bbde08c3a98607163e9
Opcode Fuzzy Hash: 0f3482dfe0cd448618dacefdf8a02c93e20f003cb28c0558a8e8d6f5966acea3
Instruction Fuzzy Hash: 7B018C30905248EFC721CFA5E840869BB79FB46310F0496E6DC4457254DF755D86CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 05330B00, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19478719d9cd3f2d6478d039a377032a5915166f346a072ada0541b78e09207e
Instruction ID: 12046b117f99eaa15f6d4b8585adb7b85dfbe94b55cc0fdcbf7958159d21135b
Opcode Fuzzy Hash: 19478719d9cd3f2d6478d039a377032a5915166f346a072ada0541b78e09207e
Instruction Fuzzy Hash: B001483891E3849FCB06DF7494A4599BF71EF07204B1980D7D880CB263C6394D49DB62

Uniqueness

Uniqueness Score: -1.00%

Function 012405CF, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.216030611.0000000001240000.00000040.00000040.sdmp, Offset: 01240000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2848bddd0f56fd060282b88d6a18a8eedb7b9feb1c0c3e085e75c50a483f4868
Instruction ID: c45bb988ff77c8236fcabc5732c4b3bbcb52f2890c091e86fb6b2d101120dd15
Opcode Fuzzy Hash: 2848bddd0f56fd060282b88d6a18a8eedb7b9feb1c0c3e085e75c50a483f4868
Instruction Fuzzy Hash: BA01DB715097805FD7128F16EC40862FFF8DF86630708C49FED498B612E169A908CB72

Uniqueness

Uniqueness Score: -1.00%

Function 05331FD2, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ea1bdc582e7e9ccd2ad46fa3033cdfb223f4a4f2aecf22b7ed799a4917472d4
Instruction ID: 9a77fa18a03cee5d73e7c50b8f52248a79653ca6c1ea39977b34172afcf196b1
Opcode Fuzzy Hash: 6ea1bdc582e7e9ccd2ad46fa3033cdfb223f4a4f2aecf22b7ed799a4917472d4
Instruction Fuzzy Hash: 9C110474A1025ACFCB24DF65D885ADDBBB1FB48304F0084A9E81A97654EBB09E85CF44

Uniqueness

Uniqueness Score: -1.00%

Function 05331178, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c91467f5a0e924858f1d7261f781782b05f7d6d2e97002b74e650672f7dd76f5
Instruction ID: 73393315786fc72071726ea2b428b0f77ae88e6c93d1ea399df91a709d9a446d
Opcode Fuzzy Hash: c91467f5a0e924858f1d7261f781782b05f7d6d2e97002b74e650672f7dd76f5
Instruction Fuzzy Hash: 0D01D6B1E156089BDB2CDFAAE8855EDFBB3AFD9300F04D52AE40567664DB314801CF54

Uniqueness

Uniqueness Score: -1.00%

Function 05338618, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30e2fe73f9bf2a0a82957ab821c688461e1fe337a4277360b376e1eac86cc454
Instruction ID: e29eebb0e8ba857639d0b7439c8a7de4cca56d89934a4b2b0b96e764258f4d1a
Opcode Fuzzy Hash: 30e2fe73f9bf2a0a82957ab821c688461e1fe337a4277360b376e1eac86cc454
Instruction Fuzzy Hash: 2001A5B8D04209DFDB08DFA9C5459AEFBB6FB98300F1081AAE915A3350DB345A41DF91

Uniqueness

Uniqueness Score: -1.00%

Function 053303E9, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64e3405a4fab73767fa86faeeeee625ee14ce24f2d1e99d42e2463ccb3956e2c
Instruction ID: f48043f4a2bb8b9f7db5bf15fbda7926acfb916a4acf0edec10b64fc063167b1
Opcode Fuzzy Hash: 64e3405a4fab73767fa86faeeeee625ee14ce24f2d1e99d42e2463ccb3956e2c
Instruction Fuzzy Hash: FEF0493090A248DFD719DBB0C554EABB77AEF86304F2048AA840167286CA755F51EAA5

Uniqueness

Uniqueness Score: -1.00%

Function 05331A37, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36790862302effad11abddd3cf9872107407225ce157851316a6a5d6514e4b60
Instruction ID: 13686d3a7b20f47ca64fcf6370ba6872b1ef0e5eccb2f88933547a34a41344a3
Opcode Fuzzy Hash: 36790862302effad11abddd3cf9872107407225ce157851316a6a5d6514e4b60
Instruction Fuzzy Hash: 9A019374E01229CBEB60CB69CC51FEDB7B1EF49225F4082D6D60CA7281DA309E85CF54

Uniqueness

Uniqueness Score: -1.00%

Function 05330458, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5d136bbcebf2a1906bad1b4fe93b5acfb918d151287b21aee6cc02cfc0ae6a8b
Instruction ID: b171a59a68eb968932d21db15dac59ac154113e328decf5b358c61d993c842a2
Opcode Fuzzy Hash: 5d136bbcebf2a1906bad1b4fe93b5acfb918d151287b21aee6cc02cfc0ae6a8b
Instruction Fuzzy Hash: 3DF0F474C06348DFCB25DFA4D8085AEBBB4EF06301F1049AAD814A7342DB755A51CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05330070, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 94ca01095fc557adb5fd7284c5f5e6b8af4236b23b9f3799dfc7dfccf4382a81
Instruction ID: 1ea97f786fe5c309b5efdad78f493fb51b8f923dc8fb848d9a0d511c49b887f6
Opcode Fuzzy Hash: 94ca01095fc557adb5fd7284c5f5e6b8af4236b23b9f3799dfc7dfccf4382a81
Instruction Fuzzy Hash: 62F08C70D012099BDB68DFB4C85ABFFFAF5EB09700F10182AC011B3380EAB569048BE4

Uniqueness

Uniqueness Score: -1.00%

Function 05330EC0, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8016dad5a73dd469bcac21df1e5ca6f29b13a8acef7904da3b12120d0de8526
Instruction ID: eb6ef0dbecfe9af0caa9aa2deca954a153f73c3000eda55032f2439443f4ee4f
Opcode Fuzzy Hash: d8016dad5a73dd469bcac21df1e5ca6f29b13a8acef7904da3b12120d0de8526
Instruction Fuzzy Hash: D7F09A71E44258DFCB48DFB8E858AAEBFB1FF96300F0081AAC815A3251DB345948DF50

Uniqueness

Uniqueness Score: -1.00%

Function 053303F8, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2bf6e1dcccab5e15b0c5e36144584b633f7be3331d47695fa27a3fea10b366ed
Instruction ID: 3322865e11437fb2c554a33dd02e4b3bf8f3c6a92cf7ad8b641966ee977c86f4
Opcode Fuzzy Hash: 2bf6e1dcccab5e15b0c5e36144584b633f7be3331d47695fa27a3fea10b366ed
Instruction Fuzzy Hash: DEF01C30A462089FD708DBF0C544FAFB36ADB85204F6058A89406237858EB55F019AA5

Uniqueness

Uniqueness Score: -1.00%

Function 05330538, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9a454fc0a6ebdeaca67fa99bd49d1fa540f8854fb8d67799e96aaa53157268c
Instruction ID: 3075c9041c059d45c545d597725dc2b9a37e5569487b15a966b86881442e893d
Opcode Fuzzy Hash: e9a454fc0a6ebdeaca67fa99bd49d1fa540f8854fb8d67799e96aaa53157268c
Instruction Fuzzy Hash: EAF01478A09349EFDB44DFA8D54499DBBB0FB08210B2085A9E80497345D670AE00CB91

Uniqueness

Uniqueness Score: -1.00%

Function 05330E60, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1097f781239b283fc7264b9584a17bc68b814466472cb493408be67ee39ba01a
Instruction ID: d869cf9af6e8bc597829028d66c2cca88c7541b8c12ce1c1c8721ad2cc7d2f75
Opcode Fuzzy Hash: 1097f781239b283fc7264b9584a17bc68b814466472cb493408be67ee39ba01a
Instruction Fuzzy Hash: 21F017B4E08219DBCB08DFA9C841AEEFBB5EB84310F208169A815A7390DB705A40DFD1

Uniqueness

Uniqueness Score: -1.00%

Function 0124072C, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.216030611.0000000001240000.00000040.00000040.sdmp, Offset: 01240000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 15148b37b4c0551ad24c4d30775f48e11213c958882e8200b2c6819310fe7d04
Instruction ID: c4e5fd1f9e9e459f0cf923569761d817c99db2eca667bb68310980c61123e49c
Opcode Fuzzy Hash: 15148b37b4c0551ad24c4d30775f48e11213c958882e8200b2c6819310fe7d04
Instruction Fuzzy Hash: CB011D355082418FD70ACF54D580B55BBA2AB8A718F29C6DDE9484B263C3369953DF81

Uniqueness

Uniqueness Score: -1.00%

Function 01240818, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.216030611.0000000001240000.00000040.00000040.sdmp, Offset: 01240000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 285dfc351fa5157ccbc2dec9420b32b074741bb9762c5d3913745a9050fbfcf3
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: ABF0FB35114645DFC206CB44D940B55FBA2EB89718F24C6A9EA490B652C337A813DE85

Uniqueness

Uniqueness Score: -1.00%

Function 053304B0, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f97a385d91eedefee8eae7e446e0aa3abbb14c2e5b2bd63639c8b2f4b755f4d
Instruction ID: c11fcf220c6dbdbb15d29feaa08a1ca9c7935ce957c9718e2e66608d08ceca09
Opcode Fuzzy Hash: 0f97a385d91eedefee8eae7e446e0aa3abbb14c2e5b2bd63639c8b2f4b755f4d
Instruction Fuzzy Hash: ABF0A074909349DFC719DFA8A4455A8BBB4EF42301F1000E6C80497711E6319F94DB91

Uniqueness

Uniqueness Score: -1.00%

Function 05331C79, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7c47f60fa43fe6510ecc32a391ef53f1f3298fc01e074da37980f22b840b39b
Instruction ID: 729823c57340bbe366fcdb7026bc66f8a453abdab1d489573b96c4c7b5b96568
Opcode Fuzzy Hash: d7c47f60fa43fe6510ecc32a391ef53f1f3298fc01e074da37980f22b840b39b
Instruction Fuzzy Hash: 21F06D74E08354CFDB01CF66C890AECBBB5EF16214F4581DAD4487B216DA314941CF22

Uniqueness

Uniqueness Score: -1.00%

Function 012405F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.216030611.0000000001240000.00000040.00000040.sdmp, Offset: 01240000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67ddebb2fe1195e2a7a15952e4b4e65fb20ee1e9958638f47daadaf075853377
Instruction ID: a992fd0b129728a9b26ec967e44a8e003244f67e2bdb07867feed3da0bfc07b7
Opcode Fuzzy Hash: 67ddebb2fe1195e2a7a15952e4b4e65fb20ee1e9958638f47daadaf075853377
Instruction Fuzzy Hash: 90E092766006048BD650DF0BEC41452F7D8EB88630B18C07FDC0D8B710E539B508CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 0533253C, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddfa13e7438444987f82c6564861b7ef84a478892dfb1bc1c85981a8055763fa
Instruction ID: 6c244d2e56a326a2e601256b13022bd76e2c6584d99c9170c11e82fd43f8c5ee
Opcode Fuzzy Hash: ddfa13e7438444987f82c6564861b7ef84a478892dfb1bc1c85981a8055763fa
Instruction Fuzzy Hash: 16F03A7990121C8FDB28CF24C8876D97B75FB11700F6181DAE51AA3341EB304A86CF91

Uniqueness

Uniqueness Score: -1.00%

Function 05330221, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7774d74492e16e127042a34a7593aa5cd39809bd77069475b2155d08752464f8
Instruction ID: 76d52ac3af94a8289500765be99c91fb62642d9b7bea7996cdf616246f415e5c
Opcode Fuzzy Hash: 7774d74492e16e127042a34a7593aa5cd39809bd77069475b2155d08752464f8
Instruction Fuzzy Hash: FAF0ED7480A308EFDB09CFB4E10A16CBBB5EB26302F1040AAD80593380DBB16E80CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0121A138, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87cb0b7e701e95be27f824743c41d2176b1344c6e853014b6c19bc6fb3dba65c
Instruction ID: eb88b00b522918ce4b007ca33c689f1bed33a5c30d9d1e9bd0f68955a3f2dc3f
Opcode Fuzzy Hash: 87cb0b7e701e95be27f824743c41d2176b1344c6e853014b6c19bc6fb3dba65c
Instruction Fuzzy Hash: 2FE0D8725403046BE6509E06EC86B53FB58DB44930F54C457EE085B301E1B5B5048AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0121A8E7, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf41b625483618a57af81e49d2de664188d4ca5da0fd7b860f28b23e0ec3e098
Instruction ID: f9e2a0cebad606275a100938f78986c5f4e4d3857d985e3e0dfcceacefbcba26
Opcode Fuzzy Hash: bf41b625483618a57af81e49d2de664188d4ca5da0fd7b860f28b23e0ec3e098
Instruction Fuzzy Hash: 53E0D872540304ABE2509F06EC46F53FB58DB44A30F14C45BEE0C1B701E1B5B5148EE5

Uniqueness

Uniqueness Score: -1.00%

Function 0121A34F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 964b61a3f8bfb69b48df45f7702ae9c1685385f92bf1717b08fd0cbd17486b79
Instruction ID: b6da754ffb1286006d481b1bf7024966c0fb9bc5b7c521ca7facc6264f836b83
Opcode Fuzzy Hash: 964b61a3f8bfb69b48df45f7702ae9c1685385f92bf1717b08fd0cbd17486b79
Instruction Fuzzy Hash: 8DE0D8715403046BE6509E06EC46B53FB58DB44930F54C567EE081B701E1B5B5088BE5

Uniqueness

Uniqueness Score: -1.00%

Function 0121AB57, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a58111f07584f82afcd3b784033b537849b1c3c88f4bffef1f20682d53ad7369
Instruction ID: 766f7ad253e0fcb6a73719bf90cb50a8086651c486ce52c77c169500bf82cb0c
Opcode Fuzzy Hash: a58111f07584f82afcd3b784033b537849b1c3c88f4bffef1f20682d53ad7369
Instruction Fuzzy Hash: 02E0D8725403046BE2509E06EC46B53FB58DB44A30F14C457EE081B302E1B6B5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0121A567, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a820fe92467103dc9d12c172b334f22287af264dedaecad30b637e583aed4d6d
Instruction ID: 596500712b7ae8838d4f1d7812eea9fdd7b4c641c95053536e7285ce5e5146b0
Opcode Fuzzy Hash: a820fe92467103dc9d12c172b334f22287af264dedaecad30b637e583aed4d6d
Instruction Fuzzy Hash: 24E020725403046BE6509F06EC46B53FB5CDB44930F54C557EE0C1B301E5B5B5048EE5

Uniqueness

Uniqueness Score: -1.00%

Function 0121A7BB, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fde20771f8a5f5aa7258f60da5f18519793895ac1d589ee7f7230775d7cc8a9
Instruction ID: 448eff00a8057c551c025c9ff7a37d6e424390b7f19bf75bbf4f5afb914d88dc
Opcode Fuzzy Hash: 4fde20771f8a5f5aa7258f60da5f18519793895ac1d589ee7f7230775d7cc8a9
Instruction Fuzzy Hash: C0E0D872540304ABE2509F06EC46F53FB58DB54A30F18C45BEE081B301E1B6B5188AE5

Uniqueness

Uniqueness Score: -1.00%

Function 0121A68F, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215970772.0000000001212000.00000040.00000001.sdmp, Offset: 01212000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1a046d7ef7114ae22cde30e1108525a9cf09ce8a9afe967e548680ce9f4bbf79
Instruction ID: 143f9cf6c7519614f0d39c4fd6dc863299ba5fc2fa43deb07d4b1d8374b96a85
Opcode Fuzzy Hash: 1a046d7ef7114ae22cde30e1108525a9cf09ce8a9afe967e548680ce9f4bbf79
Instruction Fuzzy Hash: 34E0D872640304ABE250DF06EC46F63FB58EB44A30F14C45BEE081B301E1B5B5148AE5

Uniqueness

Uniqueness Score: -1.00%

Function 012405B0, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.216030611.0000000001240000.00000040.00000040.sdmp, Offset: 01240000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61631a77cfcadce71cf1387ce022bcb3304d8533ac26b250102348677ca30efc
Instruction ID: 1dc276043d92cf611ee45f4ddf464bcd08a92379c2dc53eff7487d017d0cc91f
Opcode Fuzzy Hash: 61631a77cfcadce71cf1387ce022bcb3304d8533ac26b250102348677ca30efc
Instruction Fuzzy Hash: EEE0D832A042004FDA519E2DFC41095B750EA85330B1480BBDD09CB221E226A659CFA6

Uniqueness

Uniqueness Score: -1.00%

Function 0533C360, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89a8e04fe7e654b86ceedd8a33541d3b20a382fca2ba85901d60f6acc4c1ed5e
Instruction ID: 254f5347f375bbad2704f5884f2d0770a62558af0856b5ff69cc290781634a79
Opcode Fuzzy Hash: 89a8e04fe7e654b86ceedd8a33541d3b20a382fca2ba85901d60f6acc4c1ed5e
Instruction Fuzzy Hash: 6AF01E3490420CEFCB04DF98D841AADBBB6FF48310F1080A9EC1963351C732AA22EF80

Uniqueness

Uniqueness Score: -1.00%

Function 05330468, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8988d16ba5d9a2fea1cb2407a8a4e3114b517037e481c8ff0d432cc3a3de83bf
Instruction ID: dc87c38fa824e2431cf23f68bf12a1513970936e3ed7bf0e8d74467d988f15da
Opcode Fuzzy Hash: 8988d16ba5d9a2fea1cb2407a8a4e3114b517037e481c8ff0d432cc3a3de83bf
Instruction Fuzzy Hash: 84F01574C01208DFCB14EFA4D1085AEBBB4EB05201F2049A8D81063301DB749A10CF81

Uniqueness

Uniqueness Score: -1.00%

Function 0533112B, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36a3df8ccd6c3087a36768b20449280d4f7b1b12f3c54fbda627db9fde5d67b3
Instruction ID: 58c92ab936b9031e46c25841016a4a29fbcb5045684a4a2915bbd3db40b85e2e
Opcode Fuzzy Hash: 36a3df8ccd6c3087a36768b20449280d4f7b1b12f3c54fbda627db9fde5d67b3
Instruction Fuzzy Hash: 6FE0DF30804208EFC725EFB4E846AADBF70FF86302F1080A9DC0127250CB309A94DF94

Uniqueness

Uniqueness Score: -1.00%

Function 05331130, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc4987ba6af185dccc78d12bafa6957053c8018ac2b620b04f279337e86c34ec
Instruction ID: d0bb35ce766c400a1828d332a19d3daa80d5d82d8f2bb7cc99e9a520d2c81fb4
Opcode Fuzzy Hash: fc4987ba6af185dccc78d12bafa6957053c8018ac2b620b04f279337e86c34ec
Instruction Fuzzy Hash: BCE04634804208ABCB24EFA4E84A9ADBB31EB96301F1090A9DC0523240CB309A94EF94

Uniqueness

Uniqueness Score: -1.00%

Function 0533C310, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6dce87e9c8d9ac1ee5cc7413983d75d27b619e727363242a1f0896b205b0fd9a
Instruction ID: 68f57641ff80adb32873bade28cabffdeab08de6dadd63e44c190e46d3f2f185
Opcode Fuzzy Hash: 6dce87e9c8d9ac1ee5cc7413983d75d27b619e727363242a1f0896b205b0fd9a
Instruction Fuzzy Hash: 19E0E574D04208EBCB04DF98D441AACBBB5EB48210F1081AAD85563341D636AA52DF94

Uniqueness

Uniqueness Score: -1.00%

Function 05330230, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6060498c6d2c3f0977a0d838cfa0c8125914a1467d7f668018141da359c8bbf6
Instruction ID: 50ed4e35de4f298806c081e8f826b37f30986694bf0cb58756879b18f14330e1
Opcode Fuzzy Hash: 6060498c6d2c3f0977a0d838cfa0c8125914a1467d7f668018141da359c8bbf6
Instruction Fuzzy Hash: 6DE08674D09309DFCB18DFA5E10955DB7B5FB55301F1040A9D80593740DBB16E80DF91

Uniqueness

Uniqueness Score: -1.00%

Function 0533C4B8, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d58c8121535cff28c1e1c07bfa5745e614264d4bb98ed9fb63f5067b443501bf
Instruction ID: 4346dac80f87438a5102afd6c9bf78181cedf25c420f9a3298cf24e97fe315a8
Opcode Fuzzy Hash: d58c8121535cff28c1e1c07bfa5745e614264d4bb98ed9fb63f5067b443501bf
Instruction Fuzzy Hash: DDE01A74D0420CEBC704EF98D4456ACBBB9EB48200F1081A9D80963341CB31AE12CF80

Uniqueness

Uniqueness Score: -1.00%

Function 05339B00, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13ca5222853824d576eb1c552168a0cbb89516d0d01d6d0df99d8b71a39168b4
Instruction ID: 5485e840a2faafbe8ae5aecf52c611ac96376e37f0f66aa9c57fd4c73f80e176
Opcode Fuzzy Hash: 13ca5222853824d576eb1c552168a0cbb89516d0d01d6d0df99d8b71a39168b4
Instruction Fuzzy Hash: 34E04634D08208EFCB04DFA4D0056ACBBB9BB49240F1081E9D81653341D6756A00DF81

Uniqueness

Uniqueness Score: -1.00%

Function 0533AE60, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 894936906724e275ddc1bf28bd0266c7a3bdd59dbc1ed72b743c58cec5a77aa0
Instruction ID: 87610248cebfb1e405997e60b6ea3995e20db57dba62fbd5b9ed72bed10d776b
Opcode Fuzzy Hash: 894936906724e275ddc1bf28bd0266c7a3bdd59dbc1ed72b743c58cec5a77aa0
Instruction Fuzzy Hash: C0E0EC74D49308EBCB04DFA4D4466EDBBB9FB44341F1081AAE85563740DB716A44DF85

Uniqueness

Uniqueness Score: -1.00%

Function 0533A530, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: add03f6a194d978a32baf6b03fbdab81ae953d4b13eba5099ccc3aa6b72f83d3
Instruction ID: c7e5a3e0425be34d22ae31c69a7a88c51120f4e9afc24d488e78a511ee774d1f
Opcode Fuzzy Hash: add03f6a194d978a32baf6b03fbdab81ae953d4b13eba5099ccc3aa6b72f83d3
Instruction Fuzzy Hash: 13D05B70C09308DBD704DFA4D4025AD7BB9BB41301F5042A9C84513380C7755A81DB95

Uniqueness

Uniqueness Score: -1.00%

Function 0533A5B0, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edb317f1715f307f1a7ade403748e357a350f81164158257e7a33ec290f18723
Instruction ID: c08ed804bc41a1c2664ee20bae974933c0d774b1877379149a32cbf8fc58f24c
Opcode Fuzzy Hash: edb317f1715f307f1a7ade403748e357a350f81164158257e7a33ec290f18723
Instruction Fuzzy Hash: 61D05B70855308DBD704EFA4D4469ED7F79F745341F105194D44523244CB701A44DFD5

Uniqueness

Uniqueness Score: -1.00%

Function 0533B1D0, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e545e449b52f75486bfde8936dc7b793e84eeba28291596588a5db4399d60b6e
Instruction ID: 2778b7f4f6e9ed06f39c8a5c362a3202eea8df2f3d7d27c2cdad3dcddc0386b5
Opcode Fuzzy Hash: e545e449b52f75486bfde8936dc7b793e84eeba28291596588a5db4399d60b6e
Instruction Fuzzy Hash: 13D01230C55308DBC704DBA4D4566EDBB79A745241F105194940523250CB701A40DE95

Uniqueness

Uniqueness Score: -1.00%

Function 0533ADC8, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea31ae9b206c9a17e5385db684e1c462a10fe3048dbf7b520c2afa9ef26e6de2
Instruction ID: 9fe04db566a01733e4e19928ea1f7f0092db9e46c5786e758209ff1adce37c37
Opcode Fuzzy Hash: ea31ae9b206c9a17e5385db684e1c462a10fe3048dbf7b520c2afa9ef26e6de2
Instruction Fuzzy Hash: C3D05B30855308DFC708EFA4D446AED7F79B745342F105199D44623650DB701A45DFD5

Uniqueness

Uniqueness Score: -1.00%

Function 0533ACD8, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b9f50d9cb677215a05f260d39da33c5fb3a4d1ddcd44ca20bcaf6318f79a38c
Instruction ID: 7c0c0efa8f646ceabe9f14b7054f39b0213910d4a9cb9a5d0482066cdef4e0ff
Opcode Fuzzy Hash: 6b9f50d9cb677215a05f260d39da33c5fb3a4d1ddcd44ca20bcaf6318f79a38c
Instruction Fuzzy Hash: 7AD05E7084930CDBC708EBA8D842AAEBF79AB41300F1052A9DC4923255CB702A81DB95

Uniqueness

Uniqueness Score: -1.00%

Function 05332552, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7435d02770ce71d1e4a1df2cec2d9410956334ba0c4cf99d9dc92a8ddb11dba7
Instruction ID: b14396075a782ef4d6d259a355d2a19c2a7cf09abe1bb6494d2cf44160423548
Opcode Fuzzy Hash: 7435d02770ce71d1e4a1df2cec2d9410956334ba0c4cf99d9dc92a8ddb11dba7
Instruction Fuzzy Hash: 19E0C978A5121C8FDB58CF20C8466D87B75FB44700F5040A9E609A2340EF344E858F95

Uniqueness

Uniqueness Score: -1.00%

Function 05339D50, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59a31e97b2905c4305e9a1270036a8e34d50628c28f4b6e89430092f24c478f7
Instruction ID: 2bf0e38ae47e5642d2ca43fd4b7ff0488d897961ce0815d9a3148df1424d6ac3
Opcode Fuzzy Hash: 59a31e97b2905c4305e9a1270036a8e34d50628c28f4b6e89430092f24c478f7
Instruction Fuzzy Hash: 61D05E30C0930CDBD724EFB494067FCBFBDAB02601F9005E9C84526241DBB6AB55DB91

Uniqueness

Uniqueness Score: -1.00%

Function 05339D90, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fac4dca6d7a63f8481031e33fdac20556ee4955983d2c45969ff43b3a83dd7ff
Instruction ID: b0a0fba0cf59df5d9f5acd816f53fbb7be305f8edcabffda7062529e852cd2fb
Opcode Fuzzy Hash: fac4dca6d7a63f8481031e33fdac20556ee4955983d2c45969ff43b3a83dd7ff
Instruction Fuzzy Hash: E9D05E30C05308DBCB04EFACD8077ADBFB9AB41601F1011A9D80523340DBB56A50CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0533AC10, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20972681f3aac2d4d485e2cebc8f96c642801f9abf2ec3e6c072f006e8d363f5
Instruction ID: b733e70efea3818ffa02926bda7029b821e8a86d4f877a17ff746e5bf1228ed2
Opcode Fuzzy Hash: 20972681f3aac2d4d485e2cebc8f96c642801f9abf2ec3e6c072f006e8d363f5
Instruction Fuzzy Hash: 2CE01774904208DFCB04EFA8D546AACBBB9EB05601F1005A8D84597361EB71AA48DB91

Uniqueness

Uniqueness Score: -1.00%

Function 053300ED, Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06bdb4a95ae3f8dcd1c168abb7e59e12c0cbc7ae52a6b10fb8032566cfb169b2
Instruction ID: d700359002aab6d8158c53b939a903732073f254e24a03db81286d173739a291
Opcode Fuzzy Hash: 06bdb4a95ae3f8dcd1c168abb7e59e12c0cbc7ae52a6b10fb8032566cfb169b2
Instruction Fuzzy Hash: B7D01735D01108CFCB00CFA4E0486ECF775EB89325F208466C514A3200D73144558F50

Uniqueness

Uniqueness Score: -1.00%

Function 05339950, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63d4875ecd2a3f270043d875c735d21809ec143564de2317b033f8950eb421ca
Instruction ID: a807eaeadda1ec7224c46343267fc3406978185587666dddb37aa2a6587b56e6
Opcode Fuzzy Hash: 63d4875ecd2a3f270043d875c735d21809ec143564de2317b033f8950eb421ca
Instruction Fuzzy Hash: F3D0223080A30CDBD708DFA1D807BEA7B6EF703621F001098E40E63200EFF12A00DAA9

Uniqueness

Uniqueness Score: -1.00%

Function 053397A0, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af283c394a9d5c5cf8c2dab919df941347fb559f58822010cb5fcb459d1deb33
Instruction ID: a3d4a0a48668e4b657d922bf725839640b9f4075cd569ed4f8da65f22d67f7ff
Opcode Fuzzy Hash: af283c394a9d5c5cf8c2dab919df941347fb559f58822010cb5fcb459d1deb33
Instruction Fuzzy Hash: 79D0A73145530CDBC304DF50E406BE97B6DA706141F001058940953240DFB11900CA94

Uniqueness

Uniqueness Score: -1.00%

Function 0533AD90, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 67ea3240e347ed051fcafbe909e99028c527f666b30f7956adc8c8b5a173c705
Instruction ID: 998acaf26fe0eaf02b3d2c6f9055a8d0645f5b3be9fc934ba2af3dbcec4774b3
Opcode Fuzzy Hash: 67ea3240e347ed051fcafbe909e99028c527f666b30f7956adc8c8b5a173c705
Instruction Fuzzy Hash: 83D0227044A30CDBC308EBACC802FBEBB2DAB42201F201899880913240CBB12A00CAD8

Uniqueness

Uniqueness Score: -1.00%

Function 0533C5F0, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4bdd9f3ffc691e2b9d1b4562872f15370e65fed5095efd78516f817f7bd34e6
Instruction ID: c3287a280a4780a6253a6f6afb66f77866d405c5e8d44872ae72f9222b353210
Opcode Fuzzy Hash: a4bdd9f3ffc691e2b9d1b4562872f15370e65fed5095efd78516f817f7bd34e6
Instruction Fuzzy Hash: D8D0A9B040E30CDBC308EBA4C402AA97B6EEF02204F1035ACC80933240CB7AAE00CA95

Uniqueness

Uniqueness Score: -1.00%

Function 0533C3F8, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c356dc7962a8634eb4f3ad909ca239a68b26c42938f2ef4b3477e5cc3a9fa872
Instruction ID: 154fa180c82679786594ea71877d9351f2416b8fc058c52741bf12ae9f0f29f3
Opcode Fuzzy Hash: c356dc7962a8634eb4f3ad909ca239a68b26c42938f2ef4b3477e5cc3a9fa872
Instruction Fuzzy Hash: 08D0A93044A30CDBC319DBA19802BBAB72EAF02244F1024A8840923200CBB6AE10CAE0

Uniqueness

Uniqueness Score: -1.00%

Function 05339BD0, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b974065557ed42bc36da80c99926d9ed96140f298055c50a9e5d78213f0c16a
Instruction ID: 3fac7c33615758d00082e8f014d81c3034c7f248e009ffc002a98e1c91491cab
Opcode Fuzzy Hash: 4b974065557ed42bc36da80c99926d9ed96140f298055c50a9e5d78213f0c16a
Instruction Fuzzy Hash: 64D0A93180D308DFC70CDFA5E806BAA7B2DE702281F001098A60A53211DFF12A00EAA8

Uniqueness

Uniqueness Score: -1.00%

Function 05339E60, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8d9992e26187ed25840ef4aae6fcd041d975f0598ba7bbfcf686e302f6518d4e
Instruction ID: e575f9f73dbcc763df635b154980d20de18d9f1ab1017939cbcd0328550ae321
Opcode Fuzzy Hash: 8d9992e26187ed25840ef4aae6fcd041d975f0598ba7bbfcf686e302f6518d4e
Instruction Fuzzy Hash: 43D0A932489308EBC308DFA0D806BEA7BADB702241F001098F40B13600CFB12A04DB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0533A0F0, Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea91bca4458a59e569c0e7678047894732a0590c413fafd100fa9d7ac5cce6cc
Instruction ID: 69bf43ef72bd52db42ef18c55037601a570629fbcfa4644557d6047dce97b176
Opcode Fuzzy Hash: ea91bca4458a59e569c0e7678047894732a0590c413fafd100fa9d7ac5cce6cc
Instruction Fuzzy Hash: 27D0227085930CDFC308DBA1D807BEEBBADE706241F401098E40E13600CFB52A00EE98

Uniqueness

Uniqueness Score: -1.00%

Function 0533120D, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 318231469277ea8edf47154c0afab419c58676b365bb037cb04ec07498e79226
Instruction ID: f082baa1ba867ae7c642684620a4984fc0a682060d115b6fcb471b159b45899c
Opcode Fuzzy Hash: 318231469277ea8edf47154c0afab419c58676b365bb037cb04ec07498e79226
Instruction Fuzzy Hash: 98E0E238E08388CFCB20CFB8E8908DDBBF5BB09240B205629D442A7342DB306802CF50

Uniqueness

Uniqueness Score: -1.00%

Function 0533AC50, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6376abaefb5d73b17f370ef63cc7a292b902b818fa61324cebb6b0b359174b06
Instruction ID: 2fecfe0b73ffad900147b39f0b22f64e881d8fce906224009154a0b9ba5e0798
Opcode Fuzzy Hash: 6376abaefb5d73b17f370ef63cc7a292b902b818fa61324cebb6b0b359174b06
Instruction Fuzzy Hash: A0D022B080B30CDBC300EB98E4467AEB7ECE706200F181894980AA3661CA722E00CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0533A4F8, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5000ab2b228dc22fb5460f29830c612a49df05d240495a1dede112bea961d2c
Instruction ID: 685f332ce2601ca4ba40a8b146e67b02247f80a392bc401bdb4d58db3a18db42
Opcode Fuzzy Hash: a5000ab2b228dc22fb5460f29830c612a49df05d240495a1dede112bea961d2c
Instruction Fuzzy Hash: DBD022B040A308DBD300EBA8C806BBE7BEDE70A240F000980988A43240CA796E00EBD0

Uniqueness

Uniqueness Score: -1.00%

Function 012023F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215908820.0000000001202000.00000040.00000001.sdmp, Offset: 01202000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff981a79d687256a6938ef8789134e027dba2d8865809b383640ecc2fe7e219
Instruction ID: 6f7a6abebd7696a03b4d8ca61d242e7f3cdd2eb45c8d82b3de0578c4e48f1343
Opcode Fuzzy Hash: 8ff981a79d687256a6938ef8789134e027dba2d8865809b383640ecc2fe7e219
Instruction Fuzzy Hash: 39D05E79225A928FE3278A1CC1A8B953FA4EB51B04F4744FEE9008B6A3C368D981D200

Uniqueness

Uniqueness Score: -1.00%

Function 053300CD, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d08215436574722200948568c794f7e975750d06874bd3f5e54883f7564c8434
Instruction ID: 8214619b6c8d163ea3508a3c465aa50b02326856d969ed3acee3ea5006efd6a0
Opcode Fuzzy Hash: d08215436574722200948568c794f7e975750d06874bd3f5e54883f7564c8434
Instruction Fuzzy Hash: 1FD0C936E01108CF8B10CFE8E0444DCF775EB8A225B609466C514B3310D7319415CF50

Uniqueness

Uniqueness Score: -1.00%

Function 012023BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.215908820.0000000001202000.00000040.00000001.sdmp, Offset: 01202000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 292b5a22706ec354cb4dd4bce0547b7d43a2e158853e67d9ff2fa3b60e3f80d8
Instruction ID: 077b827658dab3868816e9dcbe09359bc8d8db033e3d7910ffaed69c3800bcb0
Opcode Fuzzy Hash: 292b5a22706ec354cb4dd4bce0547b7d43a2e158853e67d9ff2fa3b60e3f80d8
Instruction Fuzzy Hash: 18D05E342102828BDB16DB0CD598F593BD4AB41B00F0645E9BE008B6A2C3B4D881C600

Uniqueness

Uniqueness Score: -1.00%

Function 0533C540, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5e4da206e8a8b0096fc7c1135e1da3a9b0f90bcb3da858b186ecb62eb51fbe2a
Instruction ID: e30291d0455666b98ad810384579e6d01192c57b34042ff0cf7c0f0752976b0d
Opcode Fuzzy Hash: 5e4da206e8a8b0096fc7c1135e1da3a9b0f90bcb3da858b186ecb62eb51fbe2a
Instruction Fuzzy Hash: 5FC08C300A9B0A83E208224AA44F3F23B8DAB06252F003800710F118038BA1A440CAD8

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 05332990, Relevance: 5.1, Strings: 4, Instructions: 141COMMON

Download Yara Rule

Strings

f]?r, xrefs: 053329F0
:@:r, xrefs: 05332ABC
>_?r, xrefs: 05332AD9
`5ar, xrefs: 05332B95

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID: :@:r$>_?r$`5ar$f]?r
API String ID: 0-3822966099
Opcode ID: 5e681f1f3d306ef20442790f3ede449ef718649bf613a96f590e762e279b73ef
Instruction ID: 0bc413d4c68a9a2feb5ffc06ca5ae0f01f4d45ed84a6bec900cd6cdde03d4989
Opcode Fuzzy Hash: 5e681f1f3d306ef20442790f3ede449ef718649bf613a96f590e762e279b73ef
Instruction Fuzzy Hash: 42519A74A2420ACBD70CDFAAE84579DBFF2FF84304F14812AE114AB295EFB41D468B54

Uniqueness

Uniqueness Score: -1.00%

Function 053329A0, Relevance: 5.1, Strings: 4, Instructions: 136COMMON

Download Yara Rule

Strings

f]?r, xrefs: 053329F0
:@:r, xrefs: 05332ABC
>_?r, xrefs: 05332AD9
`5ar, xrefs: 05332B95

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID: :@:r$>_?r$`5ar$f]?r
API String ID: 0-3822966099
Opcode ID: 0a65c042eb1b1369972a716582b474cbc5530c06afa7d3a79d130c69412b2b8f
Instruction ID: f7efb304f2de9e0bd00627945fcda06b330751c62b7d4efb531f6428e4b389ca
Opcode Fuzzy Hash: 0a65c042eb1b1369972a716582b474cbc5530c06afa7d3a79d130c69412b2b8f
Instruction Fuzzy Hash: E5517934A2020ACBD70CDFAAE84579DBFF6FF84304F10812AE114AB294DFB41C468B95

Uniqueness

Uniqueness Score: -1.00%

Function 009A789B, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.213917012.00000000009A2000.00000002.00020000.sdmp, Offset: 009A0000, based on PE: true

Associated: 00000000.00000002.213900568.00000000009A0000.00000002.00020000.sdmp Download File

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab457309687034bac983b0f6fdb553522b7a3f49b768f94b598a3b1384dab46e
Instruction ID: 03702cd2884d8fd2cf15c002e21a8214776f4f6a2aa80d84ad073434894e61cc
Opcode Fuzzy Hash: ab457309687034bac983b0f6fdb553522b7a3f49b768f94b598a3b1384dab46e
Instruction Fuzzy Hash: 31419E6140E3C08FC3839B7488656907FB1AF17214B4A05EBE0C5CF0B7E2691D5ADB72

Uniqueness

Uniqueness Score: -1.00%

Function 0533C9C8, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.224694766.0000000005330000.00000040.00000001.sdmp, Offset: 05330000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6947e5759c24e36b461612066b4447a7e8416da45e1a8973aa8dadbe915c8f71
Instruction ID: b1a49df3ded3b02fe511980c355b4f6a908524f3744cabfd8b0e2bf2dcbe7ba5
Opcode Fuzzy Hash: 6947e5759c24e36b461612066b4447a7e8416da45e1a8973aa8dadbe915c8f71
Instruction Fuzzy Hash: E211F570D142199FDB14DFAAD849BEEBAF4BF0A300F14A469E045B3241D7748A40CFA8

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: RegSvcs.exe PID: 6228 Parent PID: 2788 RegSvcs.exeCOMMON

Executed Functions

Function 0319B068, Relevance: 2.2, Strings: 1, Instructions: 910COMMON

Download Yara Rule

Strings

r, xrefs: 0319BB1C

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: r
API String ID: 0-1812594589
Opcode ID: 5f4e0caf793f9cffd5f4a84a3272edffd71aac5741f18385019d79720aa66470
Instruction ID: fdd9dee7fb3ea1ab3778cad1433798d8b9313f458e54e2e64d54e920ba2f2860
Opcode Fuzzy Hash: 5f4e0caf793f9cffd5f4a84a3272edffd71aac5741f18385019d79720aa66470
Instruction Fuzzy Hash: BA823670A04605CFDB14CF68D990AAEFBB2FF88310F15C5AAD41AAB651D770E981CF90

Uniqueness

Uniqueness Score: -1.00%

Function 03193850, Relevance: 2.0, Strings: 1, Instructions: 738COMMON

Download Yara Rule

Strings

>_?r, xrefs: 03193F9D

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: >_?r
API String ID: 0-2961507119
Opcode ID: 64a28f5783112b69b45c160ee175dbebd372c70f3a41a3ed19cdbff0a6db96b9
Instruction ID: 1130fbc511d1c49b23ddb3e5972ec580971b29223bb82c39c9182c4fa3dbe460
Opcode Fuzzy Hash: 64a28f5783112b69b45c160ee175dbebd372c70f3a41a3ed19cdbff0a6db96b9
Instruction Fuzzy Hash: 6B42C335A00205CFDF14CF68C8949AABBF6FF89300B1989A7D9259F256D731EC81CB91

Uniqueness

Uniqueness Score: -1.00%

Function 058A25D8, Relevance: 1.6, APIs: 1, Instructions: 90networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A268B

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 1d6f670c0dece53b98d7baa5a53c094d3a89926ca36404267bf85ac806036a4c
Instruction ID: bb352491ed362ea3fc252e3389d31fbe19e9d3b1a3bf79a0ed26129a0833fbc2
Opcode Fuzzy Hash: 1d6f670c0dece53b98d7baa5a53c094d3a89926ca36404267bf85ac806036a4c
Instruction Fuzzy Hash: D8318D7150D3C06FD7138B248C54B96BFB8AF47220F0985DBE984DF1A3D224A909C772

Uniqueness

Uniqueness Score: -1.00%

Function 058A10A3, Relevance: 1.6, APIs: 1, Instructions: 75COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 058A1123

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 0f540f7d410d65b6317a4c1d9ac997890aa808951d91b1bc173fb1a8cf75c879
Instruction ID: 5b027a631262ea5665cc8bf081589a27f11afd0a46b74971d0aa327bb3732b27
Opcode Fuzzy Hash: 0f540f7d410d65b6317a4c1d9ac997890aa808951d91b1bc173fb1a8cf75c879
Instruction Fuzzy Hash: FB21BF76509384AFEB228F25DC44B52BFB4AF06210F0885DAED85CF163D371A908DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A2AE6, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A2B56

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: 2dd28aae60320c3372ead9f74f44bbb28abcdb72a037744c335d56bfd711d4d1
Instruction ID: 97d75937f0efc5b35e2a890617681ee179294ffbf13202748b676efb7a1ce9dc
Opcode Fuzzy Hash: 2dd28aae60320c3372ead9f74f44bbb28abcdb72a037744c335d56bfd711d4d1
Instruction Fuzzy Hash: E2119D72400604EFEB21CF55DD40FA7FBA8EF09310F14896BEE469B651D674A5098BB1

Uniqueness

Uniqueness Score: -1.00%

Function 058A12DF, Relevance: 1.6, APIs: 1, Instructions: 64nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 058A1355

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: 47f5a8fe37c2ebd63e9753daf6f6b3e8406c539665e5553e831c8e010c6f725f
Instruction ID: 6b542b9288e437f2ffbbb6d6eb838fb19bd3b9c0cb4bd512e2238daa25bf2790
Opcode Fuzzy Hash: 47f5a8fe37c2ebd63e9753daf6f6b3e8406c539665e5553e831c8e010c6f725f
Instruction Fuzzy Hash: 3521A1764097C0AFDB238B21DC45A51FFB4EF17214F0980DBED848B563D265A909DB62

Uniqueness

Uniqueness Score: -1.00%

Function 058A262A, Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

bind.WS2_32(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A268B

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: bind
String ID:
API String ID: 1187836755-0
Opcode ID: 9784d8d0f8cc7e71bd4cc90acf6277dc64f374465b5fd0b18c9a443c3c430354
Instruction ID: e4054a54c920f4bb720e48ef78d27ec15e42532540ff42aa46f4b52417daf76b
Opcode Fuzzy Hash: 9784d8d0f8cc7e71bd4cc90acf6277dc64f374465b5fd0b18c9a443c3c430354
Instruction Fuzzy Hash: 5A119D76500204AFE721DF55DC84FA6BBA8EF44720F1484ABEE4ADB251D674A908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058A10DA, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

AdjustTokenPrivileges.KERNELBASE(?,?,?,?,?,?), ref: 058A1123

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: AdjustPrivilegesToken
String ID:
API String ID: 2874748243-0
Opcode ID: 2cbdac2aaba518268b6684dd5c55888dd3e020beb458258012f29b41210a66cb
Instruction ID: f1737621a817822a02f8dd4d33c3a5c04ec52017d4ab2057d3c4eea962539072
Opcode Fuzzy Hash: 2cbdac2aaba518268b6684dd5c55888dd3e020beb458258012f29b41210a66cb
Instruction Fuzzy Hash: 21119E365006049FEB20DF55D848B66FBE5EF04620F0885AADD49CB651D771E808DF61

Uniqueness

Uniqueness Score: -1.00%

Function 058A0D66, Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 058A0D98

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 4a136bdcd5e5f7ec233a64956dd93e4c5d793f0395f74b5466c28bb1f14d6818
Instruction ID: 8fca912373b8d532694f90f73f275b7eb09432f1064d8088d186634811bd66ed
Opcode Fuzzy Hash: 4a136bdcd5e5f7ec233a64956dd93e4c5d793f0395f74b5466c28bb1f14d6818
Instruction Fuzzy Hash: 7501A276800244DFEB10CF15D888B66FF94EF44220F18C5AADE489F206D675A804CB62

Uniqueness

Uniqueness Score: -1.00%

Function 058A131A, Relevance: 1.5, APIs: 1, Instructions: 38nativeCOMMON

Download Yara Rule

APIs

NtQuerySystemInformation.NTDLL(?,?,?,?), ref: 058A1355

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: InformationQuerySystem
String ID:
API String ID: 3562636166-0
Opcode ID: f5972cc6e9fb72d9b8f93844ea91be46a7cda7090268c01036d05fe58d34f333
Instruction ID: 56fbbf9e86ef65c2ed92ee6f7d010973d02a2bf318b3d9056cac6206e0c4267b
Opcode Fuzzy Hash: f5972cc6e9fb72d9b8f93844ea91be46a7cda7090268c01036d05fe58d34f333
Instruction Fuzzy Hash: 0D018F36800644DFEB20CF15D888B66FFA5FF04720F08C19ADE494BA11D375A418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 03052477, Relevance: .6, Instructions: 640COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.474869794.0000000003052000.00000040.00000001.sdmp, Offset: 03052000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a919df3c1057851e5a3a1b37d1adefbda6b1cfb45873f1046546225a43c3932
Instruction ID: c8872439c21dbab2adee6e12d8da7aeafa64e36f233ba5748a886a24af631672
Opcode Fuzzy Hash: 2a919df3c1057851e5a3a1b37d1adefbda6b1cfb45873f1046546225a43c3932
Instruction Fuzzy Hash: 04227E62D0F3D19FC717CB788864196FFBAAF6720171E0CCAE8C18A1A3E2195445D76A

Uniqueness

Uniqueness Score: -1.00%

Function 03198798, Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f12dc922abbfbb3efe4aea2b5950fd77ed577eb1c7c363f819cf4477fc036095
Instruction ID: 900f1e9ab37379c78388043a0c44747ffc2d85237e50e99162ebc629bbab5b12
Opcode Fuzzy Hash: f12dc922abbfbb3efe4aea2b5950fd77ed577eb1c7c363f819cf4477fc036095
Instruction Fuzzy Hash: AC12AD74A10215CFEB18CF68C49066DBBF6FF8A304F29856BD016DB291DBB5A881CF50

Uniqueness

Uniqueness Score: -1.00%

Function 031923A0, Relevance: .5, Instructions: 505COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 78ed7a7706860f1768cff8f88d5526c57ba66237a4fd2b5b14814ed4be3cb06b
Instruction ID: a161259dc9d6c4d0967eefa0eb06dbe35b5c9c5fdbe683a05c277b1ef285c48e
Opcode Fuzzy Hash: 78ed7a7706860f1768cff8f88d5526c57ba66237a4fd2b5b14814ed4be3cb06b
Instruction Fuzzy Hash: 3112B231A01219DFEB28DF29D5806ADB7F2FF8D304F19896BD406DB255DB789886CB40

Uniqueness

Uniqueness Score: -1.00%

Function 03192FA8, Relevance: .2, Instructions: 239COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7c02301b913e7b537f5914bdc1f7c1091de1d6e69e6b78652cd72c169ea1dac
Instruction ID: b9731875614c485840731628c68beca87aa265a9678e8e82bc38addcf9ba40c0
Opcode Fuzzy Hash: a7c02301b913e7b537f5914bdc1f7c1091de1d6e69e6b78652cd72c169ea1dac
Instruction Fuzzy Hash: C3819D35F011159BEB08DB69C894A6EBBF3AFC8710F2A8876D415DB369DF319C418B90

Uniqueness

Uniqueness Score: -1.00%

Function 0319EED8, Relevance: 10.5, Strings: 8, Instructions: 467COMMON

Download Yara Rule

Strings

,:ar, xrefs: 0319F06D
X1ar, xrefs: 0319F1A6
,:ar, xrefs: 0319F063
0`r, xrefs: 0319F23A
:@:r, xrefs: 0319F3DD
:@:r, xrefs: 0319F3BF
0`r, xrefs: 0319F244
X1ar, xrefs: 0319F1B0

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: ,:ar$,:ar$0`r$0`r$:@:r$:@:r$X1ar$X1ar
API String ID: 0-596808641
Opcode ID: 6b2c4087bdd3af348547dba758bb5ef82678e4a64e49c7ad4c96fc8ea7841fcb
Instruction ID: 2c4d573a2829c4aa6ae891ef0404be47cd24eaf21491e6ccdd2c03d2ed97bf27
Opcode Fuzzy Hash: 6b2c4087bdd3af348547dba758bb5ef82678e4a64e49c7ad4c96fc8ea7841fcb
Instruction Fuzzy Hash: 48121E34A00210DFDB18DF68D158A697BF2FF89712F26809AE9469B371DB75EC81CB41

Uniqueness

Uniqueness Score: -1.00%

Function 031909A0, Relevance: 5.2, Strings: 4, Instructions: 178COMMON

Download Yara Rule

Strings

X1ar, xrefs: 03190A50
X1ar, xrefs: 03190AA2
X1ar, xrefs: 03190A98
X1ar, xrefs: 03190A5A

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: X1ar$X1ar$X1ar$X1ar
API String ID: 0-346077691
Opcode ID: 7dee90854e002b55a8886acf9066478f47a57bbea92193b4c0388ccd1c5a950b
Instruction ID: 84d96883cb1ef7b1d021ffca01ff8acac87860d0f1166a08900473db6be3c646
Opcode Fuzzy Hash: 7dee90854e002b55a8886acf9066478f47a57bbea92193b4c0388ccd1c5a950b
Instruction Fuzzy Hash: 4B51B239B01205DFDF14DB68C854AAEB7F6AF8C708F2585A6E507DB264DB31AD41CB80

Uniqueness

Uniqueness Score: -1.00%

Function 031902E8, Relevance: 2.7, Strings: 2, Instructions: 174COMMON

Download Yara Rule

Strings

:@:r, xrefs: 03190537
`5ar, xrefs: 031903A5

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: :@:r$`5ar
API String ID: 0-3512261011
Opcode ID: 4d441cba5eadd8094976749cc1bf2c61c94f6611dbac80936b899709348dae36
Instruction ID: 24411843c42c6f1404d8edd2230aa24440648bfaf19fa1ca288b16b9b487436e
Opcode Fuzzy Hash: 4d441cba5eadd8094976749cc1bf2c61c94f6611dbac80936b899709348dae36
Instruction Fuzzy Hash: 44515C30A05205CFEB08DF68C450BAEBBF2EF8D710F1984AAD506AB761DB75AD41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 06B30B40, Relevance: 2.6, Strings: 2, Instructions: 139COMMON

Download Yara Rule

Strings

X1ar, xrefs: 06B30C51
l_r, xrefs: 06B30CF8

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID: X1ar$l_r
API String ID: 0-1851361061
Opcode ID: f99f93f932bb235b188455cd9911d023e2d7c6526d55442663735f63a3a15a39
Instruction ID: 797e26d3650e4e69a76dbb79c1b325864085cffecfcd445206e6c47335649c9a
Opcode Fuzzy Hash: f99f93f932bb235b188455cd9911d023e2d7c6526d55442663735f63a3a15a39
Instruction Fuzzy Hash: F8519074B01219DFDB54EFB8D4506AEBBF2AF89304F5485AAC406AB354EB349845CBD0

Uniqueness

Uniqueness Score: -1.00%

Function 03192D58, Relevance: 2.6, Strings: 2, Instructions: 133COMMON

Download Yara Rule

Strings

, xrefs: 03192E76
>_?r, xrefs: 03192DA5

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: $>_?r
API String ID: 0-334426466
Opcode ID: ed0f8d76b6012323e5bbb6d1426de45e307e0fe6ebe199889584b64ada09e9b8
Instruction ID: 641de7d7ea0e62751af248b903a2ead22dcaf428411d4ef093238619aa7d5d85
Opcode Fuzzy Hash: ed0f8d76b6012323e5bbb6d1426de45e307e0fe6ebe199889584b64ada09e9b8
Instruction Fuzzy Hash: 8641B230E04219AFEF14DF69C8805AEB7A2ABCD214B29C867C415DB605C735E863CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06B30CB5, Relevance: 2.6, Strings: 2, Instructions: 86COMMON

Download Yara Rule

Strings

X1ar, xrefs: 06B30C51
l_r, xrefs: 06B30CF8

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID: X1ar$l_r
API String ID: 0-1851361061
Opcode ID: 852ea2ae88a71576d74decae51c323c92614d9be090d56c1b16602a01b6b48ca
Instruction ID: fadfe7f2becfb99ccb9dc93ba8428bc862df3039bddd4c4ae2a7905d8ff8e05a
Opcode Fuzzy Hash: 852ea2ae88a71576d74decae51c323c92614d9be090d56c1b16602a01b6b48ca
Instruction Fuzzy Hash: 31319F75B022048FDB05EFB8C1102AEB7E2BFC9300B54859AC406AB354EB349906CB81

Uniqueness

Uniqueness Score: -1.00%

Function 06B30CC1, Relevance: 2.6, Strings: 2, Instructions: 86COMMON

Download Yara Rule

Strings

X1ar, xrefs: 06B30C51
l_r, xrefs: 06B30CF8

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID: X1ar$l_r
API String ID: 0-1851361061
Opcode ID: 852ea2ae88a71576d74decae51c323c92614d9be090d56c1b16602a01b6b48ca
Instruction ID: fadfe7f2becfb99ccb9dc93ba8428bc862df3039bddd4c4ae2a7905d8ff8e05a
Opcode Fuzzy Hash: 852ea2ae88a71576d74decae51c323c92614d9be090d56c1b16602a01b6b48ca
Instruction Fuzzy Hash: 31319F75B022048FDB05EFB8C1102AEB7E2BFC9300B54859AC406AB354EB349906CB81

Uniqueness

Uniqueness Score: -1.00%

Function 03195EBB, Relevance: 2.5, Strings: 2, Instructions: 26COMMON

Download Yara Rule

Strings

l_r, xrefs: 03195ED6
-So^, xrefs: 03195EE2, 03195EE7

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: l_r$-So^
API String ID: 0-695161330
Opcode ID: 3a702649d213093e2c0aef491b4fae62ec2f5c93fc61ceb542c2658b868f2841
Instruction ID: 0d0b1d6ee29507ead495d148282bba8930b206a18085468cee73b572f665e6ca
Opcode Fuzzy Hash: 3a702649d213093e2c0aef491b4fae62ec2f5c93fc61ceb542c2658b868f2841
Instruction Fuzzy Hash: 68E0D8317432514FD711EFB8DC505BE3BAAAFC6601309049AE402DB346DF249C01C3D1

Uniqueness

Uniqueness Score: -1.00%

Function 03195EC8, Relevance: 2.5, Strings: 2, Instructions: 20COMMON

Download Yara Rule

Strings

l_r, xrefs: 03195ED6
-So^, xrefs: 03195EE2, 03195EE7

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: l_r$-So^
API String ID: 0-695161330
Opcode ID: dacb06f4af2e0b9bb19f76dce02c66de57f10ef6ea839f104bb4a7f7bd88e0f9
Instruction ID: 691c5c909586e44aea24c7404d8ee0c903cc65a124a59c09390590556b8c95c6
Opcode Fuzzy Hash: dacb06f4af2e0b9bb19f76dce02c66de57f10ef6ea839f104bb4a7f7bd88e0f9
Instruction Fuzzy Hash: 0BD05E25B422551B9904EABED80067E668E5BC5956304481AE806DA345EE159C0183DA

Uniqueness

Uniqueness Score: -1.00%

Function 031912A0, Relevance: 1.7, Strings: 1, Instructions: 460COMMON

Download Yara Rule

Strings

$g^r, xrefs: 03191349

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: $g^r
API String ID: 0-3653196314
Opcode ID: 301c57ca893f89319b211ac7687f18e4ade348b6ccbd796b4a91f7d5d5f5b985
Instruction ID: b1e3fc0a8b8efecccc44664f3d89c58593ccd04bc9238e5437f6d7b677590efe
Opcode Fuzzy Hash: 301c57ca893f89319b211ac7687f18e4ade348b6ccbd796b4a91f7d5d5f5b985
Instruction Fuzzy Hash: 19220B34A00605CFCB24DF28D480A9ABBF6FF89310F1585AAD95A9B765DB34ED85CF40

Uniqueness

Uniqueness Score: -1.00%

Function 058A1590, Relevance: 1.6, APIs: 1, Instructions: 122networkCOMMON

Download Yara Rule

APIs

DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 058A1686

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: 696a5bea8700563b03fd74668c613a6749ea4468062cd9de7d96b5387b6c9259
Instruction ID: bbe0ace5306a190329d497f1f6ef4cfd65c26f69d29e7385c629cb930d596e98
Opcode Fuzzy Hash: 696a5bea8700563b03fd74668c613a6749ea4468062cd9de7d96b5387b6c9259
Instruction Fuzzy Hash: 3841146540E7C06FD3138B358C61A61BF74AF87614B0E85CBE884CF5A3D269A90AD772

Uniqueness

Uniqueness Score: -1.00%

Function 058A0390, Relevance: 1.6, APIs: 1, Instructions: 93registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 058A045E

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 148156a7309fe11ba28ce75168e7e3fdd95bee3b1b1600a250dd242a3ae8a17b
Instruction ID: 796cc031b1d59f5a3e4365654f5e6be82da4a1fcf56d14f39298c7b0a8699bde
Opcode Fuzzy Hash: 148156a7309fe11ba28ce75168e7e3fdd95bee3b1b1600a250dd242a3ae8a17b
Instruction Fuzzy Hash: 4B31C672004344AFE7228F20CC41FA6FFB8EF06714F04499EED859B192D3A5A949CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A07F4, Relevance: 1.6, APIs: 1, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 058A0899

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 307ec065dcdf213de09b22acc4b53f5c531b9ec0ced62c0a268ada90deec72df
Instruction ID: ad3629ecc5f83bdf3bb5e8cc839f75210d0a758b2bd214fe0e6e4f6621cd2c7f
Opcode Fuzzy Hash: 307ec065dcdf213de09b22acc4b53f5c531b9ec0ced62c0a268ada90deec72df
Instruction Fuzzy Hash: 5E318BB2504380AFE722CB25CC45F66BFE8EF45610F0884AEED858B252D375E809DB71

Uniqueness

Uniqueness Score: -1.00%

Function 0305AA02, Relevance: 1.6, APIs: 1, Instructions: 92registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0305AAB1

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 1b8c4b96484051b85b4dcbeea00b2d515374620449aa1f9e0a74950b1bafdd04
Instruction ID: de81d6a47ddc8d0fc3abde77dbcc9d4536aa3a1977decd19c184afa8ed0e0e4f
Opcode Fuzzy Hash: 1b8c4b96484051b85b4dcbeea00b2d515374620449aa1f9e0a74950b1bafdd04
Instruction Fuzzy Hash: 1331A272544384AFE7228B25CC45F67BFECEF06710F08859BFD819B152D264A909CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058A2360, Relevance: 1.6, APIs: 1, Instructions: 90timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A23FD

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 94a0089bc1194849cb348ba53af3c2aaa2aeaafcd1bd1d6eb68479857d8d83e9
Instruction ID: 00c12e5a43cd0118e5241c8f0e42250da8e419e70ef714df37c726b09089597e
Opcode Fuzzy Hash: 94a0089bc1194849cb348ba53af3c2aaa2aeaafcd1bd1d6eb68479857d8d83e9
Instruction Fuzzy Hash: 4D31B472509380AFEB228F64DC45F96BFB8EF46314F0885DBE985DB1A2C225A905C761

Uniqueness

Uniqueness Score: -1.00%

Function 058A00F6, Relevance: 1.6, APIs: 1, Instructions: 89synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 058A019D

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: b509a220f31740508ea9bca2da7bd5ec9bdb2f273faad5b970004c5b21c7761e
Instruction ID: 1aff743213c181b758ba9076deb1653fcf5e0854bdc2e0239fcb521479cc6d2e
Opcode Fuzzy Hash: b509a220f31740508ea9bca2da7bd5ec9bdb2f273faad5b970004c5b21c7761e
Instruction Fuzzy Hash: CC319371509780AFE712DB25DC44F96FFE8EF06210F08849AED84CB292D375E909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0305AAF9, Relevance: 1.6, APIs: 1, Instructions: 89registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 0305ABB4

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 641847c6477fa3f3e175b613e0a94e7886950461acb02945e0fceaa6d56b086c
Instruction ID: 840c2e0d03d6bb19511096814ddd7ec656781df9511b1fcd6621fcb8af4c56db
Opcode Fuzzy Hash: 641847c6477fa3f3e175b613e0a94e7886950461acb02945e0fceaa6d56b086c
Instruction Fuzzy Hash: A031B372109384AFE722CB25CC44F93FFECEF06310F08859AE9858B253D264E548CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 058A27C3, Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A2869

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: 3200fcb0ed2d88de849e9c847ea57f3357e5dabcbc34837d74ab16b5dee981a7
Instruction ID: 368764f250119f477f11770a8871959e56c5f0a3fca357a28aadae49f9b5f7c6
Opcode Fuzzy Hash: 3200fcb0ed2d88de849e9c847ea57f3357e5dabcbc34837d74ab16b5dee981a7
Instruction Fuzzy Hash: FA319F72409380AFE722CF25DC55F96BFB8EF46310F0884DBED859B163D225A908C761

Uniqueness

Uniqueness Score: -1.00%

Function 058A1EF4, Relevance: 1.6, APIs: 1, Instructions: 87fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 058A1FA6

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: 10665b0cae0c55edcf8ef5954e54916fed4ae7cfb4b1af9c454280d8346cc828
Instruction ID: 4cf0176977e58e1168da30a4fef0db960a10c430e5512d742ac51a3b0d522d16
Opcode Fuzzy Hash: 10665b0cae0c55edcf8ef5954e54916fed4ae7cfb4b1af9c454280d8346cc828
Instruction Fuzzy Hash: E831B4B2404784AFE722CB55DC45F96FFF8FF06320F04859AE9849B292D375A909CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A04AB, Relevance: 1.6, APIs: 1, Instructions: 86registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A055C

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: f8478aada4e41975e4bbc1cd5a85ac774ff0a2881fa4eb4700c3784ec095d72c
Instruction ID: 011bf208c9c4e5c095368a7ddddaaef2f77ed400eede148ff360e9d1f651fa06
Opcode Fuzzy Hash: f8478aada4e41975e4bbc1cd5a85ac774ff0a2881fa4eb4700c3784ec095d72c
Instruction Fuzzy Hash: 1431A272109780AFE722CB65DC44F52BFF8AF07310F0885DAE9859B1A2D264E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0305AF50, Relevance: 1.6, APIs: 1, Instructions: 86COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0305AFEA

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: e8d43f5f27324466e7f65ebe6557298b522a30429f744c7eef1eaaf495c91b88
Instruction ID: 28aaab99303d3cf41fafb50412cd4ba3d7a859fc18da3526f6aceda501a85335
Opcode Fuzzy Hash: e8d43f5f27324466e7f65ebe6557298b522a30429f744c7eef1eaaf495c91b88
Instruction Fuzzy Hash: 3A31827550E3C06FD7138B658C55B22BFB8EF47610F0A41DBE884CF5A3D228A919C762

Uniqueness

Uniqueness Score: -1.00%

Function 0305A120, Relevance: 1.6, APIs: 1, Instructions: 83networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0305A1BD

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: 696854091a9d09b3d4f044dcc88125d39794a286f1ed653ee3fea1030d3e0e97
Instruction ID: 5521c7449910f2975e1ebfd819c0fb875aa2ed0cce4b98de9345f82ea711163c
Opcode Fuzzy Hash: 696854091a9d09b3d4f044dcc88125d39794a286f1ed653ee3fea1030d3e0e97
Instruction Fuzzy Hash: A631A07140D3C06FD3128B758C55B62BFB4EF87620F1985DBD9848F2A3D225A909CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 058A29CD, Relevance: 1.6, APIs: 1, Instructions: 80networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A2A62

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 89c1a1c5c11f9a739dd74f5b73868a281575f38445e3187926528c2523033bc8
Instruction ID: 209afef47a4890de7c90c8ec58e33fae4aa1b0faad9568ad139f8da3cd57a2bc
Opcode Fuzzy Hash: 89c1a1c5c11f9a739dd74f5b73868a281575f38445e3187926528c2523033bc8
Instruction Fuzzy Hash: CE21A372404344AFEB228F55DC40FA7BFACEF45310F0489ABEE859B152D234A505CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058A02AB, Relevance: 1.6, APIs: 1, Instructions: 79registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 058A0353

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 0989b6532b6cdab6d3c038db68d33c940eb34b200bbe604a5f7460bec4bbbc6c
Instruction ID: 82e3e993ac83177f43ea288a77620701e7cfb0cb2d97fb8f65ee0b9bebd01f71
Opcode Fuzzy Hash: 0989b6532b6cdab6d3c038db68d33c940eb34b200bbe604a5f7460bec4bbbc6c
Instruction Fuzzy Hash: 8321BA75009380AFE7228B10DC45FA6FFB4EF06710F1485DAED849B192D275A909D771

Uniqueness

Uniqueness Score: -1.00%

Function 058A08F0, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A0985

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: de06f717629a2d50fbd29fd7aad0dbbf40bc3b7c60db91b9ecb921d5b5b46282
Instruction ID: 4e10fc52d05142e103323282da9415f74d543d663ada096fd50509b995c81f27
Opcode Fuzzy Hash: de06f717629a2d50fbd29fd7aad0dbbf40bc3b7c60db91b9ecb921d5b5b46282
Instruction Fuzzy Hash: 7221D6B6408784AFF7128B25DC44FA2BFA8EF47720F18819BED849B253D264A905C771

Uniqueness

Uniqueness Score: -1.00%

Function 058A1E12, Relevance: 1.6, APIs: 1, Instructions: 78COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 058A1E9D

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 9a117edd89c9c37918a2027f7144c912cb5a51257676aba520bc7465c142148e
Instruction ID: 624b00daded54392685cecb25fa7328975eb54b0ebe8da980bdb83600110a97a
Opcode Fuzzy Hash: 9a117edd89c9c37918a2027f7144c912cb5a51257676aba520bc7465c142148e
Instruction Fuzzy Hash: F4219FB2509380AFE721CB65CC44F66FFA8EF45610F08849EED849B292D375E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058A16B2, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 058A173E

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: 2aa5f562ba59dd0fa46998d60e764d08c452dc86ce5aa1b8abbcbb97895644bf
Instruction ID: d07db493851cc8091f43b122f7c96c7febb5e796019a9f5e0a372614452796b0
Opcode Fuzzy Hash: 2aa5f562ba59dd0fa46998d60e764d08c452dc86ce5aa1b8abbcbb97895644bf
Instruction Fuzzy Hash: A121A071504380AFE722CF61DC44F56FFB8EF05210F08859EED859B652C375A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A2AC6, Relevance: 1.6, APIs: 1, Instructions: 77networkCOMMON

Download Yara Rule

APIs

WSARecv.WS2_32(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A2B56

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Recv
String ID:
API String ID: 4192927123-0
Opcode ID: f8b0abefab6a44fe3ebf7f75af13e0841e02014ff9ad61bdf2f60e62fcf90814
Instruction ID: f7124450d66e7dfafb2d06e947f6765f6aefdce0eecf03c08222ce5a509db978
Opcode Fuzzy Hash: f8b0abefab6a44fe3ebf7f75af13e0841e02014ff9ad61bdf2f60e62fcf90814
Instruction Fuzzy Hash: BE218172404744AFEB228F55DC44FA7FFB8EF46310F04859BEA859B152D234A509CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A081A, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE(?,?,?,?,?,?), ref: 058A0899

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: 9ab33ceb75fa0de42be34a09681a0619f4aa8629848a4647e383d1eb7d26c633
Instruction ID: 3bad5868bb1e78324a6096ecf94198b693eaacee4d42ed677d3b12cbeae10b22
Opcode Fuzzy Hash: 9ab33ceb75fa0de42be34a09681a0619f4aa8629848a4647e383d1eb7d26c633
Instruction Fuzzy Hash: FE218B76504604EFF721DF65CC45F66FBE8EF04610F14846AED858B252D371E804CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 058A0C58, Relevance: 1.6, APIs: 1, Instructions: 76fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E2C), ref: 058A0CEF

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: d93ebf6d51dcbcf44da1838b1672354d9f0c0f762f3f241580a26399cbca218f
Instruction ID: af20403502497d1c11263bbd13ab536f81e0626d811844ec81f802d85fe3d0ab
Opcode Fuzzy Hash: d93ebf6d51dcbcf44da1838b1672354d9f0c0f762f3f241580a26399cbca218f
Instruction Fuzzy Hash: EE21F871204380AFE7218B25DC45FA6BFA8DF46710F1881DAED848F292D275A905CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A03CA, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegQueryValueExA.KERNELBASE(?,00000E2C), ref: 058A045E

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 5e6e03d003c112f7f841b35e54616a5960f8c62db0e048b4f701d90bbfaa91b6
Instruction ID: 1a93600ee5bb739f53f0782981cda2e75ab4b12e269b2a59f5ab3307571a6dbc
Opcode Fuzzy Hash: 5e6e03d003c112f7f841b35e54616a5960f8c62db0e048b4f701d90bbfaa91b6
Instruction Fuzzy Hash: DA21F272100604AFFB31CF25CC45FA6FBACEF04710F10895AEE859A281D6B1A909CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 058A09C0, Relevance: 1.6, APIs: 1, Instructions: 75fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A0A51

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 4751d7d4a9bcea74196c32e8e0e0569892a9bb46492fadb99b130323aa6b4f4b
Instruction ID: 197369e4fbc071e03fa4fe0f16da0ebbceca035ac8b60ca1a7b100ea92ab7114
Opcode Fuzzy Hash: 4751d7d4a9bcea74196c32e8e0e0569892a9bb46492fadb99b130323aa6b4f4b
Instruction Fuzzy Hash: 3F219072509380AFE7228F65DC44F56BFB8EF46314F08859BEE849B153C265A909CB62

Uniqueness

Uniqueness Score: -1.00%

Function 058A0B79, Relevance: 1.6, APIs: 1, Instructions: 75registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A0C10

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: c8c61d37d271c62df45885279061fdbf54c3da091a68242557f35ce65d2a5f9f
Instruction ID: efca01e8cad6eb2d46f29fd5c9cf1efa538178fbce3efd885d774e10a6c86a25
Opcode Fuzzy Hash: c8c61d37d271c62df45885279061fdbf54c3da091a68242557f35ce65d2a5f9f
Instruction Fuzzy Hash: C5219AB2508744AFE7218B15DC85F67FFE8EF06710F08859AED859B292D264E809CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0305AA32, Relevance: 1.6, APIs: 1, Instructions: 74registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExW.KERNELBASE(?,00000E2C), ref: 0305AAB1

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: b3bd8c7173c52fcfb790c05edcb08eb7346fab8dc43ec5d52da4a81c3bd20850
Instruction ID: 798c44d49391c60a380544dfff37fa7e2f5afe67644822022b8db1bb7dadeed7
Opcode Fuzzy Hash: b3bd8c7173c52fcfb790c05edcb08eb7346fab8dc43ec5d52da4a81c3bd20850
Instruction Fuzzy Hash: 72219F72500604AFE721DB15CD84F6BFBECEF04710F14855AFE459A241D764E9088B71

Uniqueness

Uniqueness Score: -1.00%

Function 058A012A, Relevance: 1.6, APIs: 1, Instructions: 72synchronizationCOMMON

Download Yara Rule

APIs

CreateMutexW.KERNELBASE(?,?), ref: 058A019D

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: CreateMutex
String ID:
API String ID: 1964310414-0
Opcode ID: 997924453ac8d413d10016054f6c51151a129ea78e391405568cf4603062bf96
Instruction ID: 391d2a0c177e1f35f45f9b8b98f8c490d7c00d28f7637d380e598404af24427d
Opcode Fuzzy Hash: 997924453ac8d413d10016054f6c51151a129ea78e391405568cf4603062bf96
Instruction Fuzzy Hash: 6F217C72504204AFF720DF65D889FAAFBE8EF05610F14846AED45CB241E771E904CA61

Uniqueness

Uniqueness Score: -1.00%

Function 058A0A9B, Relevance: 1.6, APIs: 1, Instructions: 71fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 058A0B1E

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: f0b972f870d68f0a10b795b45e4ad245ea21e4a553cd2c4e0b618c0cf783c9b1
Instruction ID: 143fc10e9f29d4961ae3bdf1acf5da93c25040353afff04f75331e673be120be
Opcode Fuzzy Hash: f0b972f870d68f0a10b795b45e4ad245ea21e4a553cd2c4e0b618c0cf783c9b1
Instruction Fuzzy Hash: 3821B3B25083849FE722CF25DC55B52BFE8AF06314F1880DAED85DB253D224E804C761

Uniqueness

Uniqueness Score: -1.00%

Function 058A0723, Relevance: 1.6, APIs: 1, Instructions: 71COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 058A079F

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 5e773d0b0940ba4d4f3a4b2a953f5ad99a60adfed6ed1588e01efb8fdebf7c1a
Instruction ID: 3a773ff5f5e0e5607af0f67a72c4f81b2818eff250dd96c307d75af1cf5f0de9
Opcode Fuzzy Hash: 5e773d0b0940ba4d4f3a4b2a953f5ad99a60adfed6ed1588e01efb8fdebf7c1a
Instruction Fuzzy Hash: A821B3725093849FE712CB25DC48B52BFE8EF06210F0984EAED45CF153D235D948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0305AB3A, Relevance: 1.6, APIs: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 0305ABB4

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: de784a443077e3c29164f1990b4c634b9ec471d1a4c27b05086fddcb1d8afd9a
Instruction ID: 6fe687fd7871a2304c3713e8617c2616cec2bf421953b813976be9f294147a6b
Opcode Fuzzy Hash: de784a443077e3c29164f1990b4c634b9ec471d1a4c27b05086fddcb1d8afd9a
Instruction Fuzzy Hash: B4218E75600604AFE721CF25DC80FA7FBECEF04710F1886AAEE459B252D670E508CAB1

Uniqueness

Uniqueness Score: -1.00%

Function 058A1E32, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

OpenFileMappingW.KERNELBASE(?,?), ref: 058A1E9D

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: FileMappingOpen
String ID:
API String ID: 1680863896-0
Opcode ID: 29e05257ae4d1ca31a559929b6c979341c37d30cfff5faeb12b20f71512e4e13
Instruction ID: 2fbdd47bcbc93822dca8f7ed1ba6d0eb628501effaad96af43871aafad1278ab
Opcode Fuzzy Hash: 29e05257ae4d1ca31a559929b6c979341c37d30cfff5faeb12b20f71512e4e13
Instruction Fuzzy Hash: 09219D72504200AFF720DB65CC45F66FBA8EF44720F14846AED858B242D775E808CB72

Uniqueness

Uniqueness Score: -1.00%

Function 058A1170, Relevance: 1.6, APIs: 1, Instructions: 68COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 058A11DC

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 2d8a8bbe700579943a501b34f5273fb9fae69e7d780830b764ca716de9fcec50
Instruction ID: b93ecc753c8e6007a56390bdbc7242ec8cc8a7223cf5a0bd02963afb4229753c
Opcode Fuzzy Hash: 2d8a8bbe700579943a501b34f5273fb9fae69e7d780830b764ca716de9fcec50
Instruction Fuzzy Hash: 0021C0725093C05FEB13CB25DC54B92BFB4AF47224F0980DAED858F663D274A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 058A16D2, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASocketW.WS2_32(?,?,?,?,?), ref: 058A173E

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Socket
String ID:
API String ID: 38366605-0
Opcode ID: cb386a036d1894ddfd0d41e40e90d7ab85d8137abd57cb9a41409a739b400821
Instruction ID: 98b5300bde673b7bbefc4aab326c7244d91a798a65792c6b6b7d425acc72ab3a
Opcode Fuzzy Hash: cb386a036d1894ddfd0d41e40e90d7ab85d8137abd57cb9a41409a739b400821
Instruction Fuzzy Hash: 0521CF71500204AFEB21CF65DC44F66FFE9EF04320F14855AEE858A651C771A808CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A29F2, Relevance: 1.6, APIs: 1, Instructions: 67networkCOMMON

Download Yara Rule

APIs

WSASend.WS2_32(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A2A62

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Send
String ID:
API String ID: 121738739-0
Opcode ID: 2dd28aae60320c3372ead9f74f44bbb28abcdb72a037744c335d56bfd711d4d1
Instruction ID: a5e7f787d06d57e47bf655d0b1c4b6d866327617b2604ecaaf30a2d5adb8fcb0
Opcode Fuzzy Hash: 2dd28aae60320c3372ead9f74f44bbb28abcdb72a037744c335d56bfd711d4d1
Instruction Fuzzy Hash: 3611CD72500604AFEB31CF55CC40FA7FBA8EF08310F04896BEE469B215D670A409CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058A01F4, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 058A0264

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 329f9064c3e02e7e54ccec8b1001c65a2e1915dcb2c8f997bff1b78472c85278
Instruction ID: e3aa1d688d0b09651b417e84438b7885a3bd7707350b5f414a480599b09065ed
Opcode Fuzzy Hash: 329f9064c3e02e7e54ccec8b1001c65a2e1915dcb2c8f997bff1b78472c85278
Instruction Fuzzy Hash: D721A4B24097849FE712CF54DC85B51BFA8FF42320F0985DADD849F553D234A905CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A1225, Relevance: 1.6, APIs: 1, Instructions: 67COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,748C2CF0,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 058A1296

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: d004035c29e023cef237074f81449cf6e517c0868143da70b5e89421d0ae5ed7
Instruction ID: 4a40a1f27f9876749cddf7ce8fded7858c42739e9e7808e50a9dba1997c4280f
Opcode Fuzzy Hash: d004035c29e023cef237074f81449cf6e517c0868143da70b5e89421d0ae5ed7
Instruction Fuzzy Hash: 882150725093849FD712CF65DC44B92BFE4AF06210F0984EAED85CF162D274E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A1F32, Relevance: 1.6, APIs: 1, Instructions: 67fileCOMMON

Download Yara Rule

APIs

MapViewOfFile.KERNELBASE ref: 058A1FA6

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: FileView
String ID:
API String ID: 3314676101-0
Opcode ID: b5713582c0d4a425aae893f9144a3d005ab65426c09a6d13a3ef6d6658f232bd
Instruction ID: 721f0e74c438b572dd6fe6ed346d9bd68088ccc812f290bc7b36d41b88af8e90
Opcode Fuzzy Hash: b5713582c0d4a425aae893f9144a3d005ab65426c09a6d13a3ef6d6658f232bd
Instruction Fuzzy Hash: EA21AE72504244AFE721CF55DC88FA6FBE9EF08720F14855AEE849B241D775E908CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058A0B9E, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegSetValueExW.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A0C10

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: 973b4cc9b2add7361ff027fe23a385e7fa95a792b2739b748ee48b636166fbb4
Instruction ID: d677c678bd9fd60a512f803726b1c9c6c00e464dbf728a12e374b23d5bb3271c
Opcode Fuzzy Hash: 973b4cc9b2add7361ff027fe23a385e7fa95a792b2739b748ee48b636166fbb4
Instruction Fuzzy Hash: 31118B72600604EFFB209F15DD85F67FBE8EF04710F14856AEE45DB251D6A4E809CA72

Uniqueness

Uniqueness Score: -1.00%

Function 058A04EA, Relevance: 1.6, APIs: 1, Instructions: 65registryCOMMON

Download Yara Rule

APIs

RegQueryValueExW.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A055C

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 9e1ebebd1493ce72339ab6f964356197c6ed3dd005d882539229def0ad68286e
Instruction ID: 77affd1cafc2f268effdb567ee2bee61fd28ce6f96fe5ba9093f5f4851bd1844
Opcode Fuzzy Hash: 9e1ebebd1493ce72339ab6f964356197c6ed3dd005d882539229def0ad68286e
Instruction Fuzzy Hash: 77116A72500604EEEB20CF15DC84F67FBE8EF04720F18856AEE46EB251D660E909CA71

Uniqueness

Uniqueness Score: -1.00%

Function 058A239E, Relevance: 1.6, APIs: 1, Instructions: 64timeCOMMON

Download Yara Rule

APIs

GetProcessTimes.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A23FD

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: ProcessTimes
String ID:
API String ID: 1995159646-0
Opcode ID: 6401355498155b0d9a4c6c0fc71f20ee2ab07c3a1287f2857f02ecc107d17c2f
Instruction ID: f4e20f59745bdd02905d8ad986a3a723acc1a812a1878b4daf575ca006bfaefd
Opcode Fuzzy Hash: 6401355498155b0d9a4c6c0fc71f20ee2ab07c3a1287f2857f02ecc107d17c2f
Instruction Fuzzy Hash: 5711D076500204AFEB21CF65DC40F6AFBA8EF05320F14846BEE45CB251C671A8088B71

Uniqueness

Uniqueness Score: -1.00%

Function 058A0E9C, Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 058A0F06

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: e66c77a8014d833a21ed5e07dc969126e70b2f46f2dfe27bf34638a53f61a210
Instruction ID: af6cea60a8ff53de9fbe7590e7a36a58012549d4574524aa346604b21a7d1d7b
Opcode Fuzzy Hash: e66c77a8014d833a21ed5e07dc969126e70b2f46f2dfe27bf34638a53f61a210
Instruction Fuzzy Hash: 2C11A2725043809FD721CF25DC84B56BFE8EF05210F0884AAED89DF252D274E908CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A2802, Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

setsockopt.WS2_32(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A2869

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: setsockopt
String ID:
API String ID: 3981526788-0
Opcode ID: bc971a84afd402f479fcb93209e0a70ec332d30602f95cdf432d4f774b1f37f5
Instruction ID: 8fde850ec53ca3ee0564da2b3d6b3b413c3d50a72e976f14d16469fefd95e9e2
Opcode Fuzzy Hash: bc971a84afd402f479fcb93209e0a70ec332d30602f95cdf432d4f774b1f37f5
Instruction Fuzzy Hash: 8711BE76500204EFEB20CF55DC81FA6FBA8EF44720F1484AAEE4ADB251C674E808CB71

Uniqueness

Uniqueness Score: -1.00%

Function 0305A51F, Relevance: 1.6, APIs: 1, Instructions: 61COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0305A58A

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: ab77b98e6aaee5d584c1c1179808f8bf657771414705a41855433c9be80c24a8
Instruction ID: e122107c25bf30454b8728ddc8b8a999f764afdd06a8254bdb266993d47e8210
Opcode Fuzzy Hash: ab77b98e6aaee5d584c1c1179808f8bf657771414705a41855433c9be80c24a8
Instruction Fuzzy Hash: B4118471409384AFDB228F55DC44F62FFF8EF4A220F0885DAEE858B562C275A518DB61

Uniqueness

Uniqueness Score: -1.00%

Function 0305B7CA, Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 0305B841

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: d40e33d38f2158981dede1b5d11fc468c15a91be7069f55989f8d5c073b7922f
Instruction ID: b9cf8fa326494f5875ba8b92f18cc12ab4687fab1ec245fd344bce913bdc92e1
Opcode Fuzzy Hash: d40e33d38f2158981dede1b5d11fc468c15a91be7069f55989f8d5c073b7922f
Instruction Fuzzy Hash: F4218E754097C49FDB128B21DC50AA2BFB4EF17210F0D84DAEDC44F163D265A958DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A0C86, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNELBASE(?,00000E2C), ref: 058A0CEF

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 9acc6d4d2ce8617d954fbb77f0e402976b722507eaf13ee1515027ea6070a1a1
Instruction ID: 74bf9b1313f07205a7569dee0c427afc1544a850b1d4d861229e2110a0a572c6
Opcode Fuzzy Hash: 9acc6d4d2ce8617d954fbb77f0e402976b722507eaf13ee1515027ea6070a1a1
Instruction Fuzzy Hash: B9112976600304EFF720DB25DC45F76FB98DF05720F14856AEE459B281D6B4A944CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058A02DE, Relevance: 1.6, APIs: 1, Instructions: 60registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNELBASE(?,00000E2C), ref: 058A0353

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 724ddd9ec7763aa63591f82a7e624e571f0ed15178a83fd22e276e03e466269a
Instruction ID: 8059d65d905808970181352a7c34aae840a13bafb9efe2842f2b50811a88f43e
Opcode Fuzzy Hash: 724ddd9ec7763aa63591f82a7e624e571f0ed15178a83fd22e276e03e466269a
Instruction Fuzzy Hash: CC11EF72500604EFFB21CF14CC45F66FBA8EF04710F14859AEE459A291C2B1A908CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 058A09F2, Relevance: 1.6, APIs: 1, Instructions: 60fileCOMMON

Download Yara Rule

APIs

WriteFile.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A0A51

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: FileWrite
String ID:
API String ID: 3934441357-0
Opcode ID: 98a930fa47e524d4c2a099b52cd675a3c409360d83aa1233ce83639c1336d6b9
Instruction ID: 585cd930e1af5b42b1a0b36027b5db87304fc13551ccda9fdc7ba810b9b18678
Opcode Fuzzy Hash: 98a930fa47e524d4c2a099b52cd675a3c409360d83aa1233ce83639c1336d6b9
Instruction Fuzzy Hash: 41110172500204EFEB21CF54DC44F66FFA8EF04320F14846BEE489B241C674A808CBB1

Uniqueness

Uniqueness Score: -1.00%

Function 0305BB4F, Relevance: 1.6, APIs: 1, Instructions: 59windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0305BBB9

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 76115628c6eb806a5143715c300e45a775c9dbb6aaac1f8864d6cff7320371bd
Instruction ID: 92eebc7813a6d5659f7ba8e421644a139896b2fe4dcc631280f1353d97456499
Opcode Fuzzy Hash: 76115628c6eb806a5143715c300e45a775c9dbb6aaac1f8864d6cff7320371bd
Instruction Fuzzy Hash: 3611BE35509380AFDB228F25CC45B52FFB4EF06220F0885DEED858B663D2A5A458DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0305BE05, Relevance: 1.6, APIs: 1, Instructions: 58windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 0305BE70

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 0afdb62912c74f4bf4bde2a32e27070804db6afb5914006006456fe2531fa879
Instruction ID: 1d7e8b5acf87d11f927d85125b798ef5fd28ad2c21166596962bea0a48a3c50d
Opcode Fuzzy Hash: 0afdb62912c74f4bf4bde2a32e27070804db6afb5914006006456fe2531fa879
Instruction Fuzzy Hash: 34118E754093C4AFD7138B25DC44B62BFB4DF47624F0980DAED848F263D265A908CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0305B71E, Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 0305B78A

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: aa06e0cd48b0023c87ba76ca61a84f634ce997a8aa961002a0c5aea49513cee6
Instruction ID: e3232ac685333c94afe2ddd82caa751d044605a2f29724f24649b0fb8a3e7faf
Opcode Fuzzy Hash: aa06e0cd48b0023c87ba76ca61a84f634ce997a8aa961002a0c5aea49513cee6
Instruction Fuzzy Hash: 1011A231405384AFDB22CF54DC44A52FFF4EF49310F08859EEE858B662C375A418DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A0D33, Relevance: 1.6, APIs: 1, Instructions: 56COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNELBASE(?), ref: 058A0D98

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 2d8f12c23c568c5c3a2ecf5387fafff353047812ecf2d9900c17661a857da47c
Instruction ID: f84b59a7dd47712243b69c92bcb815526cc0a9dbb408d94a53adf47e0b2f37c8
Opcode Fuzzy Hash: 2d8f12c23c568c5c3a2ecf5387fafff353047812ecf2d9900c17661a857da47c
Instruction Fuzzy Hash: 561190754093C0AFD7128B24DC44B92BFB4EF42224F0985DBED848F163C275A949CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0305BEB4, Relevance: 1.6, APIs: 1, Instructions: 56fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 0305BF0C

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: ee7a3130523950f3c935821eabd95f86121121cb501e31eba41af427b71511df
Instruction ID: 3e4d1ecaa8e3a7e0be04de97bf64785ae17f3650c57fced84518d16d1b2431c2
Opcode Fuzzy Hash: ee7a3130523950f3c935821eabd95f86121121cb501e31eba41af427b71511df
Instruction Fuzzy Hash: 2E116D715053849FDB11CF65DC85B57BFE8EF46220F0884AAED45CB252D274E948CB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A0EBE, Relevance: 1.6, APIs: 1, Instructions: 53COMMON

Download Yara Rule

APIs

LookupPrivilegeValueW.ADVAPI32(?,?,?), ref: 058A0F06

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: LookupPrivilegeValue
String ID:
API String ID: 3899507212-0
Opcode ID: cd6e54743794d0d95abcec4006c7e69e5bb98287e78c68d6d8a46f8bdf709599
Instruction ID: 25fb1a03d7f4c5b059b2cb9efac16187ddeead5cb12470730215b6d9abccb122
Opcode Fuzzy Hash: cd6e54743794d0d95abcec4006c7e69e5bb98287e78c68d6d8a46f8bdf709599
Instruction Fuzzy Hash: 87118272604244DFEB10CF29D884B56FBD8EF04210F1884AADD49DB682D675E904CA71

Uniqueness

Uniqueness Score: -1.00%

Function 058A0AD6, Relevance: 1.6, APIs: 1, Instructions: 53fileCOMMON

Download Yara Rule

APIs

CopyFileW.KERNELBASE(?,?,?), ref: 058A0B1E

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: CopyFile
String ID:
API String ID: 1304948518-0
Opcode ID: cd6e54743794d0d95abcec4006c7e69e5bb98287e78c68d6d8a46f8bdf709599
Instruction ID: c2a2556626109c994383f23403e88c6312529cdf70ceb68f99b29c7999595aa1
Opcode Fuzzy Hash: cd6e54743794d0d95abcec4006c7e69e5bb98287e78c68d6d8a46f8bdf709599
Instruction Fuzzy Hash: 3D118272600204DFFB10CF29D985B56FBD8EF04714F1884AADD49DB641D674E805CB71

Uniqueness

Uniqueness Score: -1.00%

Function 058A0932, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE(?,00000E2C,748C2CF0,00000000,00000000,00000000,00000000), ref: 058A0985

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: 9cff8edbb79c8344d9a63ea620ac353d91f2de06919a5c1068ab35ac954db32c
Instruction ID: d8b85922f19e71604c1a4f1f64070b9d856eecbd58d50772a0141c4d376300e5
Opcode Fuzzy Hash: 9cff8edbb79c8344d9a63ea620ac353d91f2de06919a5c1068ab35ac954db32c
Instruction Fuzzy Hash: E901D272500604EFF720CB19DC85F66FBA8EF05720F188097EE449B341C6B4A9088AB1

Uniqueness

Uniqueness Score: -1.00%

Function 058A075A, Relevance: 1.6, APIs: 1, Instructions: 52COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?), ref: 058A079F

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: ba4e03a5f5fc346028c4cbc64654213eeb4e63f5eb32c18797d522bc4423d750
Instruction ID: 823dcdbd2712a8f23bb13bc0abed6ee8105cf92536aff18b809b9832f0c2787c
Opcode Fuzzy Hash: ba4e03a5f5fc346028c4cbc64654213eeb4e63f5eb32c18797d522bc4423d750
Instruction Fuzzy Hash: 0211C076600244DFEB61CF29D888B66FBD8EF04220F08C4AADD09CB642D675E948CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0305A75B, Relevance: 1.6, APIs: 1, Instructions: 52comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0305A7BC

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: fbdc96ae796253915763275a45c28d9b48fec53cbcbda4c5c1f5f1f1a4d73576
Instruction ID: d03d2d37dd95278c237efb83564c6844186fe4930e6a43b301e7dd64ccf54b76
Opcode Fuzzy Hash: fbdc96ae796253915763275a45c28d9b48fec53cbcbda4c5c1f5f1f1a4d73576
Instruction Fuzzy Hash: DF11E071449384AFD712CF14DC84B52BFB8EF42220F0885DAED488F253C275A908CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 058A1256, Relevance: 1.5, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

K32EnumProcesses.KERNEL32(?,?,?,748C2CF0,00000000,?,?,?,?,?,?,?,?,72F43C38), ref: 058A1296

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: EnumProcesses
String ID:
API String ID: 84517404-0
Opcode ID: 7b7730723e71cdf511ea29a79f82633d38ea2478755fccf7ebc14b6140490a69
Instruction ID: be7814a0501594509c5b2538006d9ca09de22aff7630619d666247278ac3921a
Opcode Fuzzy Hash: 7b7730723e71cdf511ea29a79f82633d38ea2478755fccf7ebc14b6140490a69
Instruction Fuzzy Hash: 5011C4765002449FEB20CF69D888BA6FBE8EF04320F08C5AADD49CB655E770E844CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0305A8CC, Relevance: 1.5, APIs: 1, Instructions: 48COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0305A926

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: 76855da6cb0e6684c17c6d6523ddfd50525201bff7a941812ec748cdf0127799
Instruction ID: bd13829eb07e459c00c6a4cb22410f9ca703478e04cc35915c7f2081f728eab0
Opcode Fuzzy Hash: 76855da6cb0e6684c17c6d6523ddfd50525201bff7a941812ec748cdf0127799
Instruction Fuzzy Hash: 5E11AC31409784AFC7228F15DC85A52FFF4EF06220F0985DAEE854B262C375A808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 0305A172, Relevance: 1.5, APIs: 1, Instructions: 47networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32(?,00000E2C,?,?), ref: 0305A1BD

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: Startup
String ID:
API String ID: 724789610-0
Opcode ID: d61141b7e031ecfa14699d62468edcee3b7ed0602d23d47bf7d8397fa3e6cbb7
Instruction ID: 3b857dc593fed169edf6226c79e2c4441fa482245213568632aec1f2939c9eee
Opcode Fuzzy Hash: d61141b7e031ecfa14699d62468edcee3b7ed0602d23d47bf7d8397fa3e6cbb7
Instruction Fuzzy Hash: FD01B171900200ABD710DF16DC81B26FBA8EB88A20F14816AED088B741E331F915CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0305BED2, Relevance: 1.5, APIs: 1, Instructions: 47fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?), ref: 0305BF0C

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: DeleteFile
String ID:
API String ID: 4033686569-0
Opcode ID: 0d23ec09ec664b5e4b580bc8fe19e074e402cb462458b96f702a8341acb39e07
Instruction ID: 1f57d8d479e0c137c35b60b0ebbb475fad345164bc2e4674e1797dfe4776d585
Opcode Fuzzy Hash: 0d23ec09ec664b5e4b580bc8fe19e074e402cb462458b96f702a8341acb39e07
Instruction Fuzzy Hash: 61019E71A012449FDB60DF6AD884767FBD8DF00220F08C4AAED49CB646D674E408CF61

Uniqueness

Uniqueness Score: -1.00%

Function 0305A546, Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0305A58A

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: fb55d25d83fa0fb783bc6d21758f98b59412a1973324b13266749d1440d58987
Instruction ID: 6d6e9ba9a98cd4357bdcc355cf738fdb85aeb92f776beb84d017da7a5035fa9f
Opcode Fuzzy Hash: fb55d25d83fa0fb783bc6d21758f98b59412a1973324b13266749d1440d58987
Instruction Fuzzy Hash: D0016D31500604EFDB22CF55D844B56FFF4EF48720F18CA9AEE494A615C675E418DF61

Uniqueness

Uniqueness Score: -1.00%

Function 0305B746, Relevance: 1.5, APIs: 1, Instructions: 45windowCOMMON

Download Yara Rule

APIs

CreateIconFromResourceEx.USER32 ref: 0305B78A

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: CreateFromIconResource
String ID:
API String ID: 3668623891-0
Opcode ID: fb881ebf592ae771061fe38fa20379d3e8bed10bc9a6e64a225d61a4d1590793
Instruction ID: 81e57d8bad1b099dc0f016506fa42296721dac2631302afc1ec9e31102cc780a
Opcode Fuzzy Hash: fb881ebf592ae771061fe38fa20379d3e8bed10bc9a6e64a225d61a4d1590793
Instruction Fuzzy Hash: 0E015B31400604AFDB21CF55D844B57FFE4EF08720F0889AAEE894A622D275E418DF61

Uniqueness

Uniqueness Score: -1.00%

Function 058A11AA, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 058A11DC

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 4ff17682135db166baaef1b0011c983fc6278955df90fce805ceff68bb13433b
Instruction ID: 43f1f57c010ef82e36a41c09b1c8d67d67ef8edd1366b90c343a6d61d95802ea
Opcode Fuzzy Hash: 4ff17682135db166baaef1b0011c983fc6278955df90fce805ceff68bb13433b
Instruction Fuzzy Hash: DA01BC725002449FEB10DF29D888B66FFA4EF40220F18C0ABDD49CB642D6B4E808CB62

Uniqueness

Uniqueness Score: -1.00%

Function 058A0232, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

FindCloseChangeNotification.KERNELBASE(?), ref: 058A0264

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: ChangeCloseFindNotification
String ID:
API String ID: 2591292051-0
Opcode ID: 78b68b9ad10fa4951d5f4fdda1ca4e0c39e1a6c37743d6c1d57199b6460f9f6e
Instruction ID: a0cfda59cb36a9b74ac89a27cf98bf1dfb47a88a0a272e6e91b8f0f9a8bd2484
Opcode Fuzzy Hash: 78b68b9ad10fa4951d5f4fdda1ca4e0c39e1a6c37743d6c1d57199b6460f9f6e
Instruction Fuzzy Hash: 5601BC76900204DFEB11CF29D888766FF94EF40220F08C4ABDD49CB642E675E808DB61

Uniqueness

Uniqueness Score: -1.00%

Function 058A1636, Relevance: 1.5, APIs: 1, Instructions: 43networkCOMMON

Download Yara Rule

APIs

DnsQuery_A.DNSAPI(?,00000E2C,?,?), ref: 058A1686

Memory Dump Source

Source File: 0000000C.00000002.483372855.00000000058A0000.00000040.00000001.sdmp, Offset: 058A0000, based on PE: false

Similarity

API ID: Query_
String ID:
API String ID: 428220571-0
Opcode ID: ee67e5be39b9b157e598834cf6738f75f9873aa50538e5a2fe6abbe1f05e4b1e
Instruction ID: 0b0295f057e3815cc0969bb4428f4745736083d3927ceaf0e363c32ed2481fd2
Opcode Fuzzy Hash: ee67e5be39b9b157e598834cf6738f75f9873aa50538e5a2fe6abbe1f05e4b1e
Instruction Fuzzy Hash: C3016276500604ABD310DF16DC86F26FBA8FB88B20F14815AED485B741E771F515CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0305AF9A, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

CreateActCtxA.KERNEL32(?,00000E2C,?,?), ref: 0305AFEA

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: Create
String ID:
API String ID: 2289755597-0
Opcode ID: 48bbe474a6362906279b45244886212354dcd0d5dea761ee04268534c3f6e49d
Instruction ID: e557b8395cd96af77d91acebc762955cc199f86b9aeb579eb61a29b2b54a2cee
Opcode Fuzzy Hash: 48bbe474a6362906279b45244886212354dcd0d5dea761ee04268534c3f6e49d
Instruction Fuzzy Hash: 8D01A275500600ABD310DF16DC82F26FBA8FB88B20F14815AED084B741E371F515CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 0305BB7E, Relevance: 1.5, APIs: 1, Instructions: 42windowCOMMON

Download Yara Rule

APIs

PostMessageW.USER32(?,?,?,?), ref: 0305BBB9

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: MessagePost
String ID:
API String ID: 410705778-0
Opcode ID: 712048e842bfb9cf77eaa206400c205eb5f375efa105d62b97979f722bc3736e
Instruction ID: 59f9417a44eddf1b49b6b2d47cc5aed3e933d64ca2a3e00fb634f2d6c802c309
Opcode Fuzzy Hash: 712048e842bfb9cf77eaa206400c205eb5f375efa105d62b97979f722bc3736e
Instruction Fuzzy Hash: B301B135500600DFEB20CF15D844B66FFE4EF04320F08C59AED454B665C6B1E418DF61

Uniqueness

Uniqueness Score: -1.00%

Function 0305A78A, Relevance: 1.5, APIs: 1, Instructions: 39comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(?), ref: 0305A7BC

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 6a0fc0ba58392ebe5849690611129df36e157269911339273821443f175675f5
Instruction ID: 278645b991dd1529674040909d818b8e709555aa194f89aeb112a14b77fb3ae8
Opcode Fuzzy Hash: 6a0fc0ba58392ebe5849690611129df36e157269911339273821443f175675f5
Instruction Fuzzy Hash: 7701AD749012489FDB11CF15D884767FFE8EF44220F18C5EAEE488F606D6B5A508CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 0305B806, Relevance: 1.5, APIs: 1, Instructions: 38windowCOMMON

Download Yara Rule

APIs

SendMessageW.USER32(?,?,?,?), ref: 0305B841

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: MessageSend
String ID:
API String ID: 3850602802-0
Opcode ID: 55b9867636a388a66e644275461dc41abc0e41cc5ff95d34918c2c378a131c3c
Instruction ID: 0ff66601f63f1b4aa1921a8ee0b0ff3d6543085a39a1d5cf6eb5af53f052eb9f
Opcode Fuzzy Hash: 55b9867636a388a66e644275461dc41abc0e41cc5ff95d34918c2c378a131c3c
Instruction Fuzzy Hash: 66018F35800644DFDB20CF15D884B66FFE4EF04720F08D59AEE490B662D375A418DF62

Uniqueness

Uniqueness Score: -1.00%

Function 0305A8EE, Relevance: 1.5, APIs: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetWindowLongW.USER32(?,?,?), ref: 0305A926

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: LongWindow
String ID:
API String ID: 1378638983-0
Opcode ID: f481a52e79083bec687acfbcf4a911a0cbc92fd8d24731bc4a5ac32ca9020d6e
Instruction ID: bed67c8b483057d49c616c769ad4a2f5067ecc37c44ee1cffb08cd6e352d8adb
Opcode Fuzzy Hash: f481a52e79083bec687acfbcf4a911a0cbc92fd8d24731bc4a5ac32ca9020d6e
Instruction Fuzzy Hash: CD018B359016049FDB21CF05D885756FFA4EF09720F08C6AAEE8A0B652C3B5E408DB62

Uniqueness

Uniqueness Score: -1.00%

Function 0305BE3E, Relevance: 1.5, APIs: 1, Instructions: 35windowCOMMON

Download Yara Rule

APIs

DispatchMessageW.USER32(?), ref: 0305BE70

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: DispatchMessage
String ID:
API String ID: 2061451462-0
Opcode ID: 257e1dbeb0d19f9a2ceac292214e982e01304e1888ed5eab1022316dbb6a8e62
Instruction ID: 8a45af19a2c945860b4582475eae1ada8653e0c4bfc630fc0508cbb24a130126
Opcode Fuzzy Hash: 257e1dbeb0d19f9a2ceac292214e982e01304e1888ed5eab1022316dbb6a8e62
Instruction Fuzzy Hash: 62F0D734800684DFDB20CF09D885726FFA4EF04720F1CC4AAEE480B212C6B9B408CAA2

Uniqueness

Uniqueness Score: -1.00%

Function 0305A372, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

SetErrorMode.KERNELBASE(?), ref: 0305A3A4

Memory Dump Source

Source File: 0000000C.00000002.474927995.000000000305A000.00000040.00000001.sdmp, Offset: 0305A000, based on PE: false

Similarity

API ID: ErrorMode
String ID:
API String ID: 2340568224-0
Opcode ID: 257e1dbeb0d19f9a2ceac292214e982e01304e1888ed5eab1022316dbb6a8e62
Instruction ID: d8c57a1dfe4d376fa0b22a4ca4732f04f58cf18bec64679e9da5bceddb06aca4
Opcode Fuzzy Hash: 257e1dbeb0d19f9a2ceac292214e982e01304e1888ed5eab1022316dbb6a8e62
Instruction Fuzzy Hash: 75F0DC34A00244DFDB21CF15D88472AFFA4EF04224F18C19AED484B602C6B9A408CA62

Uniqueness

Uniqueness Score: -1.00%

Function 031920D0, Relevance: 1.4, Strings: 1, Instructions: 200COMMON

Download Yara Rule

Strings

r*+, xrefs: 0319230F

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 60ae3bdfa0ab0c00604e075773d51a961f4ade79b8f4d57630f0617a531211d7
Instruction ID: 29360aacc9106f7fc0669b3d0214505c9c34239258bc1d1ea7cef249ef7047dd
Opcode Fuzzy Hash: 60ae3bdfa0ab0c00604e075773d51a961f4ade79b8f4d57630f0617a531211d7
Instruction Fuzzy Hash: 58713D30A0520EEFEF48DF68C4816AEBBB1FF8D300F15846BD5029B255D7749942CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06B30211, Relevance: 1.4, Strings: 1, Instructions: 146COMMON

Download Yara Rule

Strings

?:r, xrefs: 06B301A7

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID: ?:r
API String ID: 0-444216880
Opcode ID: 42bc23689738dcf72f30baad98e3163328e782c11dbbe7ce7ce22dcb56714b95
Instruction ID: ddd9c273c8548bfa6569cf00496a9a38f413d682680cac35132a60cf44a59640
Opcode Fuzzy Hash: 42bc23689738dcf72f30baad98e3163328e782c11dbbe7ce7ce22dcb56714b95
Instruction Fuzzy Hash: 3F5168B5F04225DFDB94DFA8C980AAEB7F1BF88300F1485AAD506EB211DB319941CF91

Uniqueness

Uniqueness Score: -1.00%

Function 03191458, Relevance: 1.4, Strings: 1, Instructions: 128COMMON

Download Yara Rule

Strings

$g^r, xrefs: 031914C7

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: $g^r
API String ID: 0-3653196314
Opcode ID: 2fa689defc1aa7f59353be16d0ea72bedbd02bcf8f699c783f2f31e13ae77afa
Instruction ID: 0d5016caee010a29d72c4101282904576775397f3f26d1983801380a2594e645
Opcode Fuzzy Hash: 2fa689defc1aa7f59353be16d0ea72bedbd02bcf8f699c783f2f31e13ae77afa
Instruction Fuzzy Hash: BC51EF34A00219CFEB14DF68D894B99BBF2BF89300F1540AAD50AAB365DB35AD85CF51

Uniqueness

Uniqueness Score: -1.00%

Function 03190683, Relevance: 1.4, Strings: 1, Instructions: 127COMMON

Download Yara Rule

Strings

Zo^, xrefs: 031906A1, 031906A6

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: Zo^
API String ID: 0-2133512443
Opcode ID: f3b023e8f5caee0ccfd131f4fd1025212210c944f85be02ff437ef9178dc2fbe
Instruction ID: bc5082799bf33760371d679d893b42d1b9efdd215f1cf34a8b57deec220d3423
Opcode Fuzzy Hash: f3b023e8f5caee0ccfd131f4fd1025212210c944f85be02ff437ef9178dc2fbe
Instruction Fuzzy Hash: C4414C316022118FD708FB78EC5C6AD3BA6AFC8B1A715556AF503CB26DDF784C418B91

Uniqueness

Uniqueness Score: -1.00%

Function 0319D140, Relevance: 1.4, Strings: 1, Instructions: 105COMMON

Download Yara Rule

Strings

u>o^, xrefs: 0319D1D5

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: u>o^
API String ID: 0-868746235
Opcode ID: ee7ae8ef37c6502b4abfd787a774c8b03308a2fa7fa06105330e6f6fd9b26cfb
Instruction ID: 82893ef86902d2691668a410ec2b55006bc68102b6418dd6fbe2ed6664969352
Opcode Fuzzy Hash: ee7ae8ef37c6502b4abfd787a774c8b03308a2fa7fa06105330e6f6fd9b26cfb
Instruction Fuzzy Hash: 92415B712062448FCB05DF28D4644997FF1EF8A20832589AEE505DF35ADBB6A94BCB80

Uniqueness

Uniqueness Score: -1.00%

Function 03191290, Relevance: 1.4, Strings: 1, Instructions: 101COMMON

Download Yara Rule

Strings

$g^r, xrefs: 03191349

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: $g^r
API String ID: 0-3653196314
Opcode ID: 3c7ede03d5044bfa3606c6f6408e21dae3646fa941bcfc7e507f64b01d8dfee6
Instruction ID: 2dee9b304e4f06c40b39f48eb061e63f2337c5c01bbd8407829dac315bcea7ca
Opcode Fuzzy Hash: 3c7ede03d5044bfa3606c6f6408e21dae3646fa941bcfc7e507f64b01d8dfee6
Instruction Fuzzy Hash: BB41F434A04219DFEB54DF68D880BADBBB1BB4D350F1540AAD50AAB360DB349EC4CF51

Uniqueness

Uniqueness Score: -1.00%

Function 031985F0, Relevance: 1.3, Strings: 1, Instructions: 98COMMON

Download Yara Rule

Strings

r*+, xrefs: 03198707

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: r*+
API String ID: 0-3221063712
Opcode ID: 45a1cad13e34cbc3f2d5602ae1c1b2d9ac76d6c90fe95e987d83514e9158e422
Instruction ID: 143aad0a339346a1f51f73975efff4b6571865af286c44f1e084c823a97448db
Opcode Fuzzy Hash: 45a1cad13e34cbc3f2d5602ae1c1b2d9ac76d6c90fe95e987d83514e9158e422
Instruction Fuzzy Hash: 51413E70E04209DFEF58DFA4C5456AEBBF1FF49304F1580ABD402AB260DBB49A41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 03198430, Relevance: 1.3, Strings: 1, Instructions: 84COMMON

Download Yara Rule

Strings

]Do^, xrefs: 0319845E, 03198463

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: ]Do^
API String ID: 0-1696815783
Opcode ID: b16149fb2a09698216bc51d294fd6a932d08ff92fa24a9249b4622f33e6c21d1
Instruction ID: 78d72453697190f7eb05b2a0a21005ad1c17211a7184a83e5647d03f30356043
Opcode Fuzzy Hash: b16149fb2a09698216bc51d294fd6a932d08ff92fa24a9249b4622f33e6c21d1
Instruction Fuzzy Hash: 67317C34B14240CFEB48EB39E45856D3BA3FFC9211756446AE006CB391DFB59C41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0319DC77, Relevance: 1.3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

Strings

l_r, xrefs: 0319DD33

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: l_r
API String ID: 0-1875860616
Opcode ID: 988f3a644bd7f81c94f47e626b7df3f907cce51d5d01f590776780dfedaca4d7
Instruction ID: 9ce6e51687da7a5e601c1a42e4f8621eb4510214e39e722931f360bd1b1e7a05
Opcode Fuzzy Hash: 988f3a644bd7f81c94f47e626b7df3f907cce51d5d01f590776780dfedaca4d7
Instruction Fuzzy Hash: 4F21A135604214CBEF19DA68E8047FABBE6AB8C210F15446BE546AB380DB71988287A1

Uniqueness

Uniqueness Score: -1.00%

Function 0319C7B8, Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

-?o^, xrefs: 0319C834

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: -?o^
API String ID: 0-3903747982
Opcode ID: 70e22ce63df0c7e09ed07f7b354bc8dcf5497d48d35fbc14c77661e4ee567572
Instruction ID: 3c52b74bde85ff52b7be207e07df201ecd40bc3158ee40b0f62e8653b91aa088
Opcode Fuzzy Hash: 70e22ce63df0c7e09ed07f7b354bc8dcf5497d48d35fbc14c77661e4ee567572
Instruction Fuzzy Hash: 4011C871305340CBE718E738859057EBBA69FCA704359899FD08A9F651DFB2AC428791

Uniqueness

Uniqueness Score: -1.00%

Function 0319C7C8, Relevance: 1.3, Strings: 1, Instructions: 59COMMON

Download Yara Rule

Strings

-?o^, xrefs: 0319C834

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: -?o^
API String ID: 0-3903747982
Opcode ID: 3bfd0bfaff3ed275c2cdf4b03f367c2e432457a1aaab5df98f12d28812ab7730
Instruction ID: 0d6e4aac3162a181c1082fae76a4d69ae68b6725782f4caa2c3bf5d5e63ab14d
Opcode Fuzzy Hash: 3bfd0bfaff3ed275c2cdf4b03f367c2e432457a1aaab5df98f12d28812ab7730
Instruction Fuzzy Hash: 9211B671305200CBE71CE738C54017EBAD69FC970478489AE904B4B641DFF2AC428792

Uniqueness

Uniqueness Score: -1.00%

Function 0319C3B0, Relevance: 1.3, Strings: 1, Instructions: 56COMMON

Download Yara Rule

Strings

]?o^, xrefs: 0319C441, 0319C446

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: ]?o^
API String ID: 0-80127909
Opcode ID: 41d6b790cc6a5bd4734addade382017cb55944ad548f9df062c3e972c1b11532
Instruction ID: 7215140449c2f27022f81ab074a4748f81b0f45ceb4daa74a5ba6862780dbc7a
Opcode Fuzzy Hash: 41d6b790cc6a5bd4734addade382017cb55944ad548f9df062c3e972c1b11532
Instruction Fuzzy Hash: 79118C397112509FE305EB38D05472E3BEBEBC9611F0915AAE406DB395DEB4AC42C794

Uniqueness

Uniqueness Score: -1.00%

Function 0319A01F, Relevance: 1.3, Strings: 1, Instructions: 47COMMON

Download Yara Rule

Strings

Hu_r, xrefs: 0319A053

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: Hu_r
API String ID: 0-2935379198
Opcode ID: 9a5116a58ca1f8ef54096b16e366db0c42d90f6951fb33a018f1e19992bc12e8
Instruction ID: 5f5d442795f22ece0b92bc709282cbed5d6559905125e61fa814d43fc7923606
Opcode Fuzzy Hash: 9a5116a58ca1f8ef54096b16e366db0c42d90f6951fb33a018f1e19992bc12e8
Instruction Fuzzy Hash: 52F028313052104BDA48EA6C9CC066E3B96AFC966072A032BE509CF3D6DF255C0947A2

Uniqueness

Uniqueness Score: -1.00%

Function 03194710, Relevance: 1.3, Strings: 1, Instructions: 43COMMON

Download Yara Rule

Strings

X1ar, xrefs: 03194747

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: X1ar
API String ID: 0-3367582976
Opcode ID: 878f43d5a471909fa7a2be8be6258ed559d5ff6a241eff788c192d140e19cb70
Instruction ID: c6537e81dd922e1ebeb29b09bbaff5506eb4915d2ab25c581a26ad67924abb37
Opcode Fuzzy Hash: 878f43d5a471909fa7a2be8be6258ed559d5ff6a241eff788c192d140e19cb70
Instruction Fuzzy Hash: 57F0F636302254ABDE2CD6BA68103AE32CA8BCE661F44047FD60ACB780DE3588838350

Uniqueness

Uniqueness Score: -1.00%

Function 03197373, Relevance: 1.3, Strings: 1, Instructions: 42COMMON

Download Yara Rule

Strings

Hu_r, xrefs: 031973A3

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: Hu_r
API String ID: 0-2935379198
Opcode ID: d2a937557e1075d7f6b570069a7c34774a2b91786635bcdf89e9b88c7d87d1a9
Instruction ID: 99ed74e9938f75d415ca400bcc32ca427a6f89e75bad1d2439459ea27ca99fc4
Opcode Fuzzy Hash: d2a937557e1075d7f6b570069a7c34774a2b91786635bcdf89e9b88c7d87d1a9
Instruction Fuzzy Hash: 06F0463270921087DA08EA7C9C806BD3B8A6FCD230369076BE906CF3DADF605C014361

Uniqueness

Uniqueness Score: -1.00%

Function 03197380, Relevance: 1.3, Strings: 1, Instructions: 40COMMON

Download Yara Rule

Strings

Hu_r, xrefs: 031973A3

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: Hu_r
API String ID: 0-2935379198
Opcode ID: d0d6d600943a698957e72fb65fb4e4f0655a5226a2d1d7045fd8dae3c72a664e
Instruction ID: 38ba21b03c64e17f98a9ee6a838759a6ae6d586e4acc20c909d1fbc8bb5419c1
Opcode Fuzzy Hash: d0d6d600943a698957e72fb65fb4e4f0655a5226a2d1d7045fd8dae3c72a664e
Instruction Fuzzy Hash: 48F0593130921093D908FA2D9C806BE3A8EAFCC630774032BBD068F3C9CF516C4143A1

Uniqueness

Uniqueness Score: -1.00%

Function 03195F5B, Relevance: 1.3, Strings: 1, Instructions: 31COMMON

Download Yara Rule

Strings

=Ro^, xrefs: 03195F78, 03195F7D

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: =Ro^
API String ID: 0-991623108
Opcode ID: 62a6cc262e064f68bc1cf175b93cdfa6b0c1ea766866ab8e656ec96128a1ed89
Instruction ID: feb10f7694ea27c22a7a8fd74ac926def440f3ea3f520aa4c8508437e611e1ef
Opcode Fuzzy Hash: 62a6cc262e064f68bc1cf175b93cdfa6b0c1ea766866ab8e656ec96128a1ed89
Instruction Fuzzy Hash: B1F0A032A56164AFD704DB78C851EB977AAEFCA111709849BE405DF316CB328D01C7D0

Uniqueness

Uniqueness Score: -1.00%

Function 03195F68, Relevance: 1.3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

Strings

=Ro^, xrefs: 03195F78, 03195F7D

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: =Ro^
API String ID: 0-991623108
Opcode ID: e6accc657cc2ee71e565e6e1815b686d570d5e9cd1fec5dd5abd14df7c49c136
Instruction ID: b6aae45bdff7d80c75aa0ef7c603704188ce1ea43a9caefaf93f39eb831449e7
Opcode Fuzzy Hash: e6accc657cc2ee71e565e6e1815b686d570d5e9cd1fec5dd5abd14df7c49c136
Instruction Fuzzy Hash: 5DD0A7213422285BE504E5ADC810DBEB3CECBC9510704885FA90DDB346CF73DC0243D0

Uniqueness

Uniqueness Score: -1.00%

Function 0319FB2B, Relevance: 1.3, Strings: 1, Instructions: 7COMMON

Download Yara Rule

Strings

MOC, xrefs: 0319FDCE

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: MOC
API String ID: 0-624257665
Opcode ID: 5824c6abd31e5f96a7cebbd8c8ad1cac58e5a0ee46b85129bfa99c157c9ec7f5
Instruction ID: 4f01feb6bed1b8b3800caab8c4de3515146f1c56115109ad24c14809b5ca0bd8
Opcode Fuzzy Hash: 5824c6abd31e5f96a7cebbd8c8ad1cac58e5a0ee46b85129bfa99c157c9ec7f5
Instruction Fuzzy Hash: 6EB0921500F3D00EC713D768C8956003FF10C0701030D80C3C084CF067C421540CC323

Uniqueness

Uniqueness Score: -1.00%

Function 06B31030, Relevance: .7, Instructions: 688COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcdbda8d45a74ce90b9dfd9424cbe0cfbd8346a0b574a99eaf510c25ab5ac867
Instruction ID: c678f16b7e311e897dea9542a92aed011548643432c4cc0a9533e15b50f951a2
Opcode Fuzzy Hash: dcdbda8d45a74ce90b9dfd9424cbe0cfbd8346a0b574a99eaf510c25ab5ac867
Instruction Fuzzy Hash: 64522AB4A00215CFDB54CFA8C5809AEBBB6FF89310B25C596D806AF355DB70ED46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 03197A66, Relevance: .4, Instructions: 442COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f586744d41e5310f743d9c7c8ca39635a608e801bdb743f8a99f35056cc65ee1
Instruction ID: 85810e55c3776d1d63867db31e5a1e278ab7ac90aec008703d0bda2ee7b91d4e
Opcode Fuzzy Hash: f586744d41e5310f743d9c7c8ca39635a608e801bdb743f8a99f35056cc65ee1
Instruction Fuzzy Hash: CB022534A00605CFDB14DF68C594AA9BBF2FF88310F6585AAD45ADB791DB70EC41CB50

Uniqueness

Uniqueness Score: -1.00%

Function 06B30220, Relevance: .4, Instructions: 382COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff33e8e4854bd00cca0494535ec8060255d70109ff7e0feb38885c279dca56c
Instruction ID: ec7af7bfca4cec4b4f63f0be9a76a3452fcfaa5c7cd65359f83e39ef050bc883
Opcode Fuzzy Hash: 8ff33e8e4854bd00cca0494535ec8060255d70109ff7e0feb38885c279dca56c
Instruction Fuzzy Hash: 44E15F74E00225CFDB55DF68C480A9EBBB2BF89314F158599D80AAB316DB71ED81CF80

Uniqueness

Uniqueness Score: -1.00%

Function 03195FB0, Relevance: .2, Instructions: 241COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f37819f00e660cb15cf2f8bd5f4dec9f1c163e16a15ec664d7ec42bf792c9a2d
Instruction ID: e546866f50286425ffc7faf4a62bd6db846b38aadc2a1122c99d70a868740c2d
Opcode Fuzzy Hash: f37819f00e660cb15cf2f8bd5f4dec9f1c163e16a15ec664d7ec42bf792c9a2d
Instruction Fuzzy Hash: 9E816131A00619CFDF15CF14C890ADAF7B2EF89314F1585A6D90AAF211DB71AE86CF90

Uniqueness

Uniqueness Score: -1.00%

Function 0319AABF, Relevance: .2, Instructions: 229COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ad8770d2615107c2e44dfa954fea932d8adb866cdbd3a3a83fb77dc2550ffdc
Instruction ID: 606d6014b151f66f74d977d00ca6a8ebd5d56f65cefbd36b1480ce9cb91ba426
Opcode Fuzzy Hash: 2ad8770d2615107c2e44dfa954fea932d8adb866cdbd3a3a83fb77dc2550ffdc
Instruction Fuzzy Hash: AD81C2357016158BD704EB68C890AAE7BB6FFC4310F608629E6069F794DFB0AD46C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 0319E858, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 687f5a743cc8f0d994aff403fabf877b6775c7f26475a66474bf87a24e1b256d
Instruction ID: c5cc61cbb74e7f30c7f868a70e43e678f1f1cf8d89c45afbd7b6df5e04934def
Opcode Fuzzy Hash: 687f5a743cc8f0d994aff403fabf877b6775c7f26475a66474bf87a24e1b256d
Instruction Fuzzy Hash: 46714C34A00205DFEF18DB65C484BAEBBF5BF4C324F19945AE456A7261CB71E881CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 06B307A9, Relevance: .2, Instructions: 180COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fac3e26b6c659c6d004822f4af2aaf24451f0f4bf7d7da3f34342956760ce51
Instruction ID: 81862f97ecc223cb62de202f475d75d7b9356b98f5a12ef84a0cf06083e9b672
Opcode Fuzzy Hash: 7fac3e26b6c659c6d004822f4af2aaf24451f0f4bf7d7da3f34342956760ce51
Instruction Fuzzy Hash: 9751AF71B01124DFDB41EF68D4808AEFBB2FF8431071585A6E9499F252DB30E946CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 06B30070, Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dea6c2e7a84a7ec536f9e38bcc55bf30d214a57c442791a24ec01e0e04d71470
Instruction ID: 20cb8bac588d444eb05245237a098aae26ebf391d62291b6475ae27484b945a7
Opcode Fuzzy Hash: dea6c2e7a84a7ec536f9e38bcc55bf30d214a57c442791a24ec01e0e04d71470
Instruction Fuzzy Hash: 2C5136B1709264DFEB91EB7CD8406AABBF5EF89304B0484EBE10AD7151CB36D841C791

Uniqueness

Uniqueness Score: -1.00%

Function 0319E0F0, Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c03c4ecaca3ac3bc57b50ef3cde4874080e3aebc7fff9287060abd271d0ac2ef
Instruction ID: 2174feaa69b48dde441113bc3369ade74c0a31aa4bb51004c0f0e7295f30422f
Opcode Fuzzy Hash: c03c4ecaca3ac3bc57b50ef3cde4874080e3aebc7fff9287060abd271d0ac2ef
Instruction Fuzzy Hash: 7A517331A00118DFEF09DFA4C8408AEBBB7FF88710B054466E906AF255DB71AD45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 031974E8, Relevance: .2, Instructions: 161COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c79dc891e8c286145c93c1c455e2722a4a9c9aaef7ddf3ddb7eaa91b525cdaf3
Instruction ID: 592fa43e2812639ff36c7cf605250cb8b66fb32380a003851ddaa215652385f9
Opcode Fuzzy Hash: c79dc891e8c286145c93c1c455e2722a4a9c9aaef7ddf3ddb7eaa91b525cdaf3
Instruction Fuzzy Hash: 59311731910219CFEF15CF24C8546DABBB2FF89304F5184A5D909BB245DBB06B8ACF80

Uniqueness

Uniqueness Score: -1.00%

Function 031970E0, Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8d28ea95ea689b57a17e71d9cecc6e6f819e6e8c1fbc971dff8988c9a417901
Instruction ID: d77ac98812b444e1794ca9abe0c598aa9b88afa2e16395f772aa7521ed28a242
Opcode Fuzzy Hash: a8d28ea95ea689b57a17e71d9cecc6e6f819e6e8c1fbc971dff8988c9a417901
Instruction Fuzzy Hash: 73512F35B102158BDF18DBB9C4506AEB7F7AFCC310B15856AC80AAF395EF359D428790

Uniqueness

Uniqueness Score: -1.00%

Function 0319EEC8, Relevance: .2, Instructions: 152COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c40ec4bd5bb75d2ecdc91f5d16ae9824f2b7847030f44f2f41d5b372c02485c2
Instruction ID: da25c41c26348455d05c60900ca22fc4fb8b1dcf82746d09844d77b47927e21a
Opcode Fuzzy Hash: c40ec4bd5bb75d2ecdc91f5d16ae9824f2b7847030f44f2f41d5b372c02485c2
Instruction Fuzzy Hash: 2F51DA34604204DFDB14DF64D498FA9BBF2EF49311F1980AAE9069B3B1DB75AC84CB51

Uniqueness

Uniqueness Score: -1.00%

Function 03198090, Relevance: .1, Instructions: 147COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d93789fb9eff0bf9e56bc47d672b7cff479549a1f65fa90791d5050ecd8604b
Instruction ID: d2bd60d2e0530ce2d28ef564c56dcc0ebef90ed080221a594ad034eaeb81ec5d
Opcode Fuzzy Hash: 0d93789fb9eff0bf9e56bc47d672b7cff479549a1f65fa90791d5050ecd8604b
Instruction Fuzzy Hash: 205122B5D00608CFDB18CFA8C98469DBBF0FF4D310F25856AD95AA7254E7316985CF40

Uniqueness

Uniqueness Score: -1.00%

Function 0319CBB8, Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 837dba2cb3f654d84450751950573f271ef60e528108b21c4073b9ba40bb1725
Instruction ID: 82339c82e0430dbeefd394326ef3c9ce095a2e3066287829d548a8afe9556336
Opcode Fuzzy Hash: 837dba2cb3f654d84450751950573f271ef60e528108b21c4073b9ba40bb1725
Instruction Fuzzy Hash: 8441A430A007058FEB18DF79C9945ABBFE6EB8C710B15C62BC5969B654DB34A841CB90

Uniqueness

Uniqueness Score: -1.00%

Function 03190BC0, Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 559cbd84d4f725e1eadb148d724d420ef10b2a9f284f77133594e51f80d252da
Instruction ID: c59a2de0dea688753c155b8233e21443e9a359c982d7217bcf1233e6df0bc6f8
Opcode Fuzzy Hash: 559cbd84d4f725e1eadb148d724d420ef10b2a9f284f77133594e51f80d252da
Instruction Fuzzy Hash: 0041C531B051048FDB19CF28C414AAE7BE6AFCD310F1681ABE906AF391CEB19D468791

Uniqueness

Uniqueness Score: -1.00%

Function 0319E848, Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc6cf31b5382327715b4bf44f3a554d4b2f3e70b654aa9a42e743123ed860248
Instruction ID: 1fb2eede7e9e6de09cb3ce474dd0ed102d585970799566d3ed20e4988042016a
Opcode Fuzzy Hash: bc6cf31b5382327715b4bf44f3a554d4b2f3e70b654aa9a42e743123ed860248
Instruction Fuzzy Hash: 6B516030A04604CFEF68DF69C084BAABBF5FF4C314F19945AD496A7661CB70E885CB61

Uniqueness

Uniqueness Score: -1.00%

Function 031982C8, Relevance: .1, Instructions: 128COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a41390357c915f03256cbb50bee7dfd19b6532382476bb967aefbfab8d9034a5
Instruction ID: 372674638b1a9e91bc3bde98b7239ebcf3b8d1f1ad8af78216d09f8ba1c05951
Opcode Fuzzy Hash: a41390357c915f03256cbb50bee7dfd19b6532382476bb967aefbfab8d9034a5
Instruction Fuzzy Hash: 0E41B135A04106CFDB04DF68D8849AEFBB1FB8E314F158677E81A8B651D730E996CB81

Uniqueness

Uniqueness Score: -1.00%

Function 0319F878, Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24de1061fc96a50e1f580a3326a2c4bb0a06afc4bd3619d00fd3e531513a2382
Instruction ID: 47f62d50fa086ac64cb45c3989db74a60fdfe63e3853470f800b88090791a10f
Opcode Fuzzy Hash: 24de1061fc96a50e1f580a3326a2c4bb0a06afc4bd3619d00fd3e531513a2382
Instruction Fuzzy Hash: A151C835A00204DFEB04DF68C580EADBBB6BF8C325F165599E511AB365DB31EC82CB90

Uniqueness

Uniqueness Score: -1.00%

Function 03192BF8, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf56619691609c85e40ced8b126f0843a37701ea3502e8fff98c85934067d4bd
Instruction ID: bf150712cdf0982b7ecea1291b272631b6f3cf75b4f0d57a39e8fc013c764f14
Opcode Fuzzy Hash: bf56619691609c85e40ced8b126f0843a37701ea3502e8fff98c85934067d4bd
Instruction Fuzzy Hash: 8741363010E259FFEB19C764D884979BBB4BF4A300B1A8997E046CF262C7769C86C791

Uniqueness

Uniqueness Score: -1.00%

Function 03196C63, Relevance: .1, Instructions: 119COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 626b0d15314237314ff7ce06b5f0f0389031d3ed642014f61fc3c11d706a49fb
Instruction ID: 1f09a0e38d40b608e19742c663fa42d8badb8bcdbca23c96c17e71ba7a62cd20
Opcode Fuzzy Hash: 626b0d15314237314ff7ce06b5f0f0389031d3ed642014f61fc3c11d706a49fb
Instruction Fuzzy Hash: 4141B039B02200DFCB45EF79D4505AE7BF2FF8D210728446AE90A9B392DB75AC05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0319AE60, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41ac42a4008e591ebc678b2e0c3a3c2597a2e6dca18fa8bb0b959b41c8050ee2
Instruction ID: 0cb694ce94861715bd1a3d0cc6079c9bdbc83849356239cb40f0598ff650dac8
Opcode Fuzzy Hash: 41ac42a4008e591ebc678b2e0c3a3c2597a2e6dca18fa8bb0b959b41c8050ee2
Instruction Fuzzy Hash: 473100B1A006658FDB04DBA9C8946AEBBF6FF88710B14446AF406D7750CB70EC41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 03196C70, Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a12503d8717d47e311e48127cf23dd55c1ac3953ce392e8c40aec54a72aa71c
Instruction ID: 4c39b882f5fcf76f46d459f2ec91758953b22c088236a1b10b24cbbb8fcab2ff
Opcode Fuzzy Hash: 8a12503d8717d47e311e48127cf23dd55c1ac3953ce392e8c40aec54a72aa71c
Instruction Fuzzy Hash: 1141A139B02200DFCB45EF79D0505AE7BE2FB8D610768446AE90AAB391DF75AC05CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0319F4AD, Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d360ce4261359d9c9524460fb8f63dc1f56b0342143e1548ddc66ea20d6ef4e
Instruction ID: ee854aa0c4181ee2c5ce655dbeb0f03249fe643a5a0aecc25814b627c9a18522
Opcode Fuzzy Hash: 0d360ce4261359d9c9524460fb8f63dc1f56b0342143e1548ddc66ea20d6ef4e
Instruction Fuzzy Hash: B341E638A00200DFD714DF24D098BA977F2FF8A315F2980AAE9069B7B1DB75AC45CB41

Uniqueness

Uniqueness Score: -1.00%

Function 06B30D38, Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a75fa32b5fbc31aeb05ac27bcb96381cec63cc99a47ac68df694d371d9122a2b
Instruction ID: ac3536c41989a27ccdbeae04cfbcaf2153b6771e2e057c0643d37ae243b2b6fe
Opcode Fuzzy Hash: a75fa32b5fbc31aeb05ac27bcb96381cec63cc99a47ac68df694d371d9122a2b
Instruction Fuzzy Hash: D34117B1E10228DFDB94DFA8C580A9DBBF1FF48310F2484AAD415AB214D731E942CF90

Uniqueness

Uniqueness Score: -1.00%

Function 031902DB, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dfe486cc8f910d218064de41de86055d318ac27dbf39caba523056cb694dec29
Instruction ID: 52dd14eb094abf5fb94a0644d9284bbd3d7f25d8cdb4120396884b8b3868629d
Opcode Fuzzy Hash: dfe486cc8f910d218064de41de86055d318ac27dbf39caba523056cb694dec29
Instruction Fuzzy Hash: 28412A30A01205CFEF58CF68C494BAE7BB2EF8C710F19446AD506AB7A5DB71AD41CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0319F41F, Relevance: .1, Instructions: 104COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0682a564eaea8d6baa9f8958af1b7c49d9d3033b84a6aa94db59e5d00d2af9c1
Instruction ID: 1876cc68cafe0aa9b60ac07867f23267f85365615904679b5f5d650e4145d6ed
Opcode Fuzzy Hash: 0682a564eaea8d6baa9f8958af1b7c49d9d3033b84a6aa94db59e5d00d2af9c1
Instruction Fuzzy Hash: 2A41D838B002009FDB54DF28D498BA977F2EF89715F2940AAE9069B3B1DB75AC45CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0319EC20, Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a781ba2de57d9a9843ad57d99381e0866ad836703004396f036a20c96dd22a7e
Instruction ID: 3cee59883c4444c3312b259327aa548018e052ce5d947b6fd7dad110fd36b0bf
Opcode Fuzzy Hash: a781ba2de57d9a9843ad57d99381e0866ad836703004396f036a20c96dd22a7e
Instruction Fuzzy Hash: 6C31B4369001149FDF05EF68D8448AEBBF2BF8D310B0A0867E506AB264DF75AD45CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 0319EC11, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16c678cfd8ca64e514f327695a42fdc6c51310e308d0aac3107e75d764a794a4
Instruction ID: 509617a5305f5a7ab93960346e44e64471daa0cb4863559f4a49ba00dad4dbf7
Opcode Fuzzy Hash: 16c678cfd8ca64e514f327695a42fdc6c51310e308d0aac3107e75d764a794a4
Instruction Fuzzy Hash: 6C31B535900114AFDF05EFB8C8449EEBBF2BF8D310B094867E542AB264DF71A945CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0319F463, Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81191fe5522dda066f52b0919579347cb9f2133f184b1ad2654db2dd3c952f3
Instruction ID: 21ce1a9b3bc3ffc6ae9b707d62401bc3b801667210da0c38115b6c7750addaa8
Opcode Fuzzy Hash: e81191fe5522dda066f52b0919579347cb9f2133f184b1ad2654db2dd3c952f3
Instruction Fuzzy Hash: 1E41E638B002009FD714DB28D498BA977F2FF89715F2980AAE9069B7B1DB75AC45CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0319F518, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adcae8c261922e52b079df0dd804dfcc5730968364f94551a109b3f52f4908b8
Instruction ID: 3ac3173dba40121e728c2fae06e911fbf1b66c99f580350d597f89d288cc8cbe
Opcode Fuzzy Hash: adcae8c261922e52b079df0dd804dfcc5730968364f94551a109b3f52f4908b8
Instruction Fuzzy Hash: 2A413D38700200DFDB54DF24D498B6977E2EF89715F2940AAE906DB3B1DB75AC45CB41

Uniqueness

Uniqueness Score: -1.00%

Function 0319E0E1, Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9eb80dda3f5eda63819b0ded544d03bccb1a93c127dd448d9b95ebbaa115c2b4
Instruction ID: 97b9d9a4aa38bec25365d4c3db98a090f52cdedd1189a01d740c12716a51610c
Opcode Fuzzy Hash: 9eb80dda3f5eda63819b0ded544d03bccb1a93c127dd448d9b95ebbaa115c2b4
Instruction Fuzzy Hash: D3319332A00208DFEF09DFA4C9548EDBBB7BF88700B05447BE506AB261DB71AD45CB61

Uniqueness

Uniqueness Score: -1.00%

Function 0319DFC9, Relevance: .1, Instructions: 100COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac126f28facabb6c080dff599a9f20e9f4534039459426785fd9ecd87dfe3a1c
Instruction ID: 12f53430bb999277c269c2251f8069d254f661859eb5b2fa0abcd429ba10d1a6
Opcode Fuzzy Hash: ac126f28facabb6c080dff599a9f20e9f4534039459426785fd9ecd87dfe3a1c
Instruction Fuzzy Hash: B2316F31B00204DFEB14DF68C4846AEFBF5BF8C210F2A956AD409E7241DB71E881CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 031945C8, Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21d48cc24a4fd5110764c9f6ed2cfcb79d299899a997775d9f822c87847d8f8d
Instruction ID: fb0d1e6df323593c8d9bc6da40bd95dc0fbf116b94f732f605e92db6ba3585d0
Opcode Fuzzy Hash: 21d48cc24a4fd5110764c9f6ed2cfcb79d299899a997775d9f822c87847d8f8d
Instruction Fuzzy Hash: 99216FB5F0021A9BEF04DAAADD41AFEB7BDEBCC204F144127D619D7140EF70994687A1

Uniqueness

Uniqueness Score: -1.00%

Function 06B30A18, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 100f7c60a4192ec24016f4716cc2839ff038a39b7b47108751d294ca94a3c9cc
Instruction ID: 1cc0f9fafa5a716b1022497d6ab8e9e5e431ec1ce82d15a61cdc70ad74b53fb1
Opcode Fuzzy Hash: 100f7c60a4192ec24016f4716cc2839ff038a39b7b47108751d294ca94a3c9cc
Instruction Fuzzy Hash: 2A411CB0A05B60CFE3B9EB2AD540766BBF1FF85305F54D8ADC09A86A60DB75A441CB40

Uniqueness

Uniqueness Score: -1.00%

Function 031943C0, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e06645da0d7f4360ab10e915e8453f8a1b170f8b17fd22f7d0bf7e84d111482c
Instruction ID: efb4e5f9d373ca06e8f19c589fb7f329f700493cb6ac67c9776ad8735c0d2820
Opcode Fuzzy Hash: e06645da0d7f4360ab10e915e8453f8a1b170f8b17fd22f7d0bf7e84d111482c
Instruction Fuzzy Hash: F631DC35201111CFDB05EF68D8488ED7BF2FF8E31470880A6E5029B279EB39A956CB90

Uniqueness

Uniqueness Score: -1.00%

Function 031970D0, Relevance: .1, Instructions: 94COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32b6768b61bc17370560a72ce69e38680397549d68dc92db44577fac5029df27
Instruction ID: a4891cf4ab0d48e21126ab02c67ec5ceefa4710ef628cb68516781260172b5df
Opcode Fuzzy Hash: 32b6768b61bc17370560a72ce69e38680397549d68dc92db44577fac5029df27
Instruction Fuzzy Hash: C4312035A002198FDF19DBB9C4509EEB7F2AFC9310B14856AD405AB354DB35AD46CB90

Uniqueness

Uniqueness Score: -1.00%

Function 06B30006, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aed70b00e5fde3d969aa736f976041d97860e5c3cbfc3b02d178c063133f3d5f
Instruction ID: 29cdc7c644c31d6ca7d8c5db6ca2e2c611d4f4457815f10df422ecdd812a5e8b
Opcode Fuzzy Hash: aed70b00e5fde3d969aa736f976041d97860e5c3cbfc3b02d178c063133f3d5f
Instruction Fuzzy Hash: F4319C7160E3948FD3869F7488642A13FB1EF67300B0A50DBD081CB1B7D7789945C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 0319E538, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c03644c40197e956ebe483359670771f2651824dc8fabc5db6fd06a52f81bb9
Instruction ID: 34de3400656aef18997b6b2012bf7d9d2c7d8d27e77323dd7dc294a694112d15
Opcode Fuzzy Hash: 0c03644c40197e956ebe483359670771f2651824dc8fabc5db6fd06a52f81bb9
Instruction Fuzzy Hash: 45312B35B01604CFDB54DFA9C5846AEBBF6BF88300B504429E506E7751EB71E942CB91

Uniqueness

Uniqueness Score: -1.00%

Function 03190007, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c5dd7188690d268a879011941c4dde8d33eb0adc463b440306a596162b6bad4
Instruction ID: c05f952e3ccf31ff8eb6693342abff0fce483a8d808fa3901e7086d70f4d8fa4
Opcode Fuzzy Hash: 4c5dd7188690d268a879011941c4dde8d33eb0adc463b440306a596162b6bad4
Instruction Fuzzy Hash: 5231593010A386DFCB06EBB4D8A44553FF1FF8621570A44ABE581CF26AEB799845CB12

Uniqueness

Uniqueness Score: -1.00%

Function 031950E0, Relevance: .1, Instructions: 92COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 64dd4546ef7b5268dec50b5ea5ad746d3a350b05b4eda617e6f8c6f9551c60ff
Instruction ID: 9496b8f4f1e6b1aa5ffc1d424ef6321ed20219f2732a18b698519438c5cbcc65
Opcode Fuzzy Hash: 64dd4546ef7b5268dec50b5ea5ad746d3a350b05b4eda617e6f8c6f9551c60ff
Instruction Fuzzy Hash: 4E216F31A013099FEF05DFA9C4146AEBBF6AFC9300F15442AD50ABF255EB749986CB80

Uniqueness

Uniqueness Score: -1.00%

Function 0319DDD8, Relevance: .1, Instructions: 90COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1e867a7a4225e3e380f82cb8d5e0ec61840d6a66987b515e098dc5726157c6
Instruction ID: 437cba712214ea890b783d7db7a092ecfa1109393607cc4b7885ba09f57d3295
Opcode Fuzzy Hash: da1e867a7a4225e3e380f82cb8d5e0ec61840d6a66987b515e098dc5726157c6
Instruction Fuzzy Hash: 173139313417018FC755DB78C86026A7BA3BFC03187A4996CD2868F794DEB6E9438B80

Uniqueness

Uniqueness Score: -1.00%

Function 031943D0, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 017dcd96540c74f7124d276b0dbdf026ef10056d4da52a0ce840269d25ebf09e
Instruction ID: 8db144e2691c57e31d75495d675c1822f3b12084ef47943942a63a8c2e9cc8c3
Opcode Fuzzy Hash: 017dcd96540c74f7124d276b0dbdf026ef10056d4da52a0ce840269d25ebf09e
Instruction Fuzzy Hash: 4E31DF35201115CFDB04EF68D84489D7BF2FF8E31470880A6E6069B278EB39AD56CB80

Uniqueness

Uniqueness Score: -1.00%

Function 031985C0, Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6033695d309246ff4328f7b106b083fccee7fc39804aba91cecc822d95f72ab9
Instruction ID: 082b5abe5a5eaf07b7dc78e0ebe1e0e959f66b0a88e635a31e749be2ca777dde
Opcode Fuzzy Hash: 6033695d309246ff4328f7b106b083fccee7fc39804aba91cecc822d95f72ab9
Instruction Fuzzy Hash: 0B317C70D09249CFEF58DFB4C5916AEBBB0FF4A300F16449BD4029B261E7759A84CB52

Uniqueness

Uniqueness Score: -1.00%

Function 0319FBF8, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1853839292ec8c1252365ea242c6d5116d7d7896f5aa449dc9fa993c14ba9a2
Instruction ID: b6f175017bb7f1ead9a589e4cb99e0ffed076b7b0a82c87ba6694db8c7cab41f
Opcode Fuzzy Hash: d1853839292ec8c1252365ea242c6d5116d7d7896f5aa449dc9fa993c14ba9a2
Instruction Fuzzy Hash: D6318134604601EFEB29CB28C984D6AFBF1BB88312F15895BD953C7651C731B886CB40

Uniqueness

Uniqueness Score: -1.00%

Function 0319EDD0, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f820630a8efadc4e9c6164be70f61abdcaba197c7ea618a346fc84b55b08bb63
Instruction ID: 24fdf081baa3daf3c11d8c15cb1724d710df6600775c4f5063e333d367ba4912
Opcode Fuzzy Hash: f820630a8efadc4e9c6164be70f61abdcaba197c7ea618a346fc84b55b08bb63
Instruction Fuzzy Hash: 3B314B75A00208DFDF45DFB9C840AEEBBF6EF8C300B15842AE515AB251EB359991CB61

Uniqueness

Uniqueness Score: -1.00%

Function 031955E8, Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cd896910710b7b45da8db63e5845fab8b45f5f4938b31e0b6e1d6cb6f199ae0
Instruction ID: 46d03f4d38b0d4854fd1f33db31bc3a63a73601c50457f25eea6dc32bce444bc
Opcode Fuzzy Hash: 6cd896910710b7b45da8db63e5845fab8b45f5f4938b31e0b6e1d6cb6f199ae0
Instruction Fuzzy Hash: 6A21AE30B502058BEF19AF78C4557AEBAE7AB88720F19006AE502FB3D0DFB549418B91

Uniqueness

Uniqueness Score: -1.00%

Function 06B30A08, Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 694f851c4ea524cc6695e94ac5b2106f96d7456e03299849c628d931b4b484d2
Instruction ID: 2fd3cc10de10d65ae49ec6800d8b83d2d705c5b4be69dcde4d60d00aad23af1b
Opcode Fuzzy Hash: 694f851c4ea524cc6695e94ac5b2106f96d7456e03299849c628d931b4b484d2
Instruction Fuzzy Hash: 19319E70A05B50CFD76AEF39C940656BBF1EF85204B5888AEC08A8AA61D775E446CB00

Uniqueness

Uniqueness Score: -1.00%

Function 0319A748, Relevance: .1, Instructions: 81COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5930be4af1b9fd655e79fc2c8370d9bbfd56d8f09480037c6f24454ff98dbdc
Instruction ID: a13feeb2261136dfe4979839035929ed01094a0ef39a47c7500e40279c30b9af
Opcode Fuzzy Hash: d5930be4af1b9fd655e79fc2c8370d9bbfd56d8f09480037c6f24454ff98dbdc
Instruction Fuzzy Hash: 73219F34B00259DBDF18DF78DC419EEB7B5BF8C350F10496AD502AB244EB71A889CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 0319EB11, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20a42190dba61d9ea9662d8d9e969208a73e13b431455220269de168caf8e58b
Instruction ID: fabe2507c49c8e1100a7432168356d950259ebc1b801366542e464471c5b6226
Opcode Fuzzy Hash: 20a42190dba61d9ea9662d8d9e969208a73e13b431455220269de168caf8e58b
Instruction Fuzzy Hash: A4216071A06205DFEF59CF68C4446A9BBE1BB8C311F29456AC44BE7300DB719882CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 03196A9E, Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 819fcb0f590d217e6a89479c4f8dcbbf6e3d308f200f912c67bf27e9d945b929
Instruction ID: 9a5b4bb3fc6fc97da7619b4db094d33388648f6b5369407615f9d50f386ef51a
Opcode Fuzzy Hash: 819fcb0f590d217e6a89479c4f8dcbbf6e3d308f200f912c67bf27e9d945b929
Instruction Fuzzy Hash: 5F318F39211204CFD714EB38D4641AD3BE6EF8A3587549A6EE1068B355EFF5AC06CB81

Uniqueness

Uniqueness Score: -1.00%

Function 031921E9, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69ff46a9dbdc99c813ce847d1dd3d3e1b03f412b7850d097bf4d56cda8ca3350
Instruction ID: e3bfe316f6e4d09f641984e6c2a8665df5c53b591cad8c3dd537de8b0d89b245
Opcode Fuzzy Hash: 69ff46a9dbdc99c813ce847d1dd3d3e1b03f412b7850d097bf4d56cda8ca3350
Instruction Fuzzy Hash: 48312970D0920DEFDF58DBA4C5416AEBBB5BF4C300F15499BD4029B265D7349A82CB92

Uniqueness

Uniqueness Score: -1.00%

Function 03195831, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a5ddf1701f9f10150d45e0353e52d8bb1752c77453fb53aaf8cec5945a1beb1
Instruction ID: f6917aa8f78f2bccc0c7c6352e9cbe71af131d074f7f90bce5af56fbd10f079c
Opcode Fuzzy Hash: 0a5ddf1701f9f10150d45e0353e52d8bb1752c77453fb53aaf8cec5945a1beb1
Instruction Fuzzy Hash: CE21D835B012059BEF09EBBAC45097FBBABAFCE210755457BD406AF351EE718C0083A0

Uniqueness

Uniqueness Score: -1.00%

Function 031925DE, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8929f905c6f08fc51ac2ae745ae3c5d645041d34b5aa1cc01cabfca0573a0a2d
Instruction ID: 2c82ee02b4e9873c0bcb22f9333a474a759cfaf1d44fa05fb91d9f1e3f33fe4d
Opcode Fuzzy Hash: 8929f905c6f08fc51ac2ae745ae3c5d645041d34b5aa1cc01cabfca0573a0a2d
Instruction Fuzzy Hash: AD318134A0124ACFEB50DF65D44075AFBF2FF88314F18D56AC4069B268DB78948ACF81

Uniqueness

Uniqueness Score: -1.00%

Function 031989D6, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c878247b500ee1dcd4fd6d0e382be29d370c6a795d74559797d42d933d229ced
Instruction ID: c1f3c8fcef1143ab2769d95496f334259b505fa91c512b7ff91a15f2599326af
Opcode Fuzzy Hash: c878247b500ee1dcd4fd6d0e382be29d370c6a795d74559797d42d933d229ced
Instruction Fuzzy Hash: F4318A74A10249CFEB20CF65C44025EFBE2FF89314F19E56AD005AB291DBF4A486CF41

Uniqueness

Uniqueness Score: -1.00%

Function 03194F10, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f16037e40fdc90baf5ef2ef4d5778563b73882abc0500f3b95bf3c981270325
Instruction ID: 2af58780150da4edb5a091758fed1e89e7855ab7c9a649464f19f2b98715a6f0
Opcode Fuzzy Hash: 5f16037e40fdc90baf5ef2ef4d5778563b73882abc0500f3b95bf3c981270325
Instruction Fuzzy Hash: 7C21D4302091068FDB08DB7EE8909B93B96FBCD7513159567D1028B654EF749D83C792

Uniqueness

Uniqueness Score: -1.00%

Function 0319AE50, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f775759c47eacfd96a3f99cb632c9f03767cff98e109cb628ca9c5cef52ec629
Instruction ID: 2feb3ded6c7f3c6c09c15ecdd9ec54e03442179608789b54baa9f8fd6034bb92
Opcode Fuzzy Hash: f775759c47eacfd96a3f99cb632c9f03767cff98e109cb628ca9c5cef52ec629
Instruction Fuzzy Hash: BA2181B5E042658FDB04DF99D8985AEFBF2FF8D200B14416AE855E3350D770AD15CB90

Uniqueness

Uniqueness Score: -1.00%

Function 031948B9, Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e8ef18f7bf2fa025607752a9b74f197a4ca42698c708da914df8f216ba157a12
Instruction ID: 5fb876a4ea9b7b545f8f73e20b10562141c022c348ab33c1c8fca758b90e88aa
Opcode Fuzzy Hash: e8ef18f7bf2fa025607752a9b74f197a4ca42698c708da914df8f216ba157a12
Instruction Fuzzy Hash: 3011E632A04119DBDF19DFB9C8508FEBBBAAFCD710B05402AD506B7250EF305A4787A1

Uniqueness

Uniqueness Score: -1.00%

Function 0319F9DE, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 52c7cdf620dc4e634f8e237b03e029b9cf1536077499f4822d08a49cce576215
Instruction ID: 5b9969844c5c7bea7979fee1538c2c9ec8d20b42a2bebd2402f84a7b43738cd8
Opcode Fuzzy Hash: 52c7cdf620dc4e634f8e237b03e029b9cf1536077499f4822d08a49cce576215
Instruction Fuzzy Hash: 37317435600204DFEB05DB68C580EA9BBB6FB88325F164195EA11AB366D735EC81CB50

Uniqueness

Uniqueness Score: -1.00%

Function 03195840, Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7bdb0a2976b4dc9ec5711440a17596a381780541029336a5ff4ad9c9559bfa98
Instruction ID: 599cf28b596813a01d990da5250b49f789a7ded3153eb6f60191a33de930fe8a
Opcode Fuzzy Hash: 7bdb0a2976b4dc9ec5711440a17596a381780541029336a5ff4ad9c9559bfa98
Instruction Fuzzy Hash: 6E119335B112149BEF08E7BA945097FB6EBAFCE214B51493B9506AF351EE718C4043A1

Uniqueness

Uniqueness Score: -1.00%

Function 0319A738, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e54913f75fad83fb771dbbbf5ab8237fae4c62e51a29604463033163a493946
Instruction ID: 62fe0e61793c84c75a409bcf5eb703088043859a8ac5965bdd7ccf263419cd1c
Opcode Fuzzy Hash: 8e54913f75fad83fb771dbbbf5ab8237fae4c62e51a29604463033163a493946
Instruction Fuzzy Hash: BC110334B00255DBEF1CDF68CC41AAE77B1BFCC790F15446BE402AB244EB72A8488790

Uniqueness

Uniqueness Score: -1.00%

Function 031921F8, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ab56e9df97c3a7794d9c7bc963791f12d225ef7d7b5c7ed0f8cd13e499e0ef67
Instruction ID: 3d3556c9815fefcd9fffa18a3831d84e322fb5e1a7a4117c71d653af68f085fc
Opcode Fuzzy Hash: ab56e9df97c3a7794d9c7bc963791f12d225ef7d7b5c7ed0f8cd13e499e0ef67
Instruction Fuzzy Hash: BA212E30D0920DEFDF48DFA4C5446BDBBB5BB4C300F11486BD4029B294D7759A82CB92

Uniqueness

Uniqueness Score: -1.00%

Function 0319E3E0, Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a9ea3246ca1bad1ca4b8453c0e45dc914d8f24a9c76f9eb9b27e8977e69862e
Instruction ID: f93475e4029084fa5e6700648572e8f1dbc7385283bb6a55f358b74952a0d089
Opcode Fuzzy Hash: 2a9ea3246ca1bad1ca4b8453c0e45dc914d8f24a9c76f9eb9b27e8977e69862e
Instruction Fuzzy Hash: 0B216D71A00114DFEF58DFA8C540ABEB7F5EB8C210B15806BD40AE7241DB31AD42CBA2

Uniqueness

Uniqueness Score: -1.00%

Function 03195000, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8935c50b85be3eb2d2e7a730df3e0ea7762da23f0b6fd6499f76d110b74f158d
Instruction ID: c7dd2526724d63325ac2087db3c414711b3e0158e59df9b5c47fd462181b602c
Opcode Fuzzy Hash: 8935c50b85be3eb2d2e7a730df3e0ea7762da23f0b6fd6499f76d110b74f158d
Instruction Fuzzy Hash: 7F11B731A012158FDF45EBB8C8506AE7BE2EF8D210B5A4577C906EB244EF349D418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 031950D0, Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3fe58722b2875e57cf14000ff23cdedb0caac6948896c97702058809b80a0d14
Instruction ID: 43869e2ae31d55aecbc67c8f8d10468663b1b30ad301f3135cdc2cca8043e5d2
Opcode Fuzzy Hash: 3fe58722b2875e57cf14000ff23cdedb0caac6948896c97702058809b80a0d14
Instruction Fuzzy Hash: 75113D71D013099FEF01DFA4C8446EEBBB6AF89340F114926D509BB255EB74698ACB81

Uniqueness

Uniqueness Score: -1.00%

Function 03194511, Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f2d623f6bc17bfd2b5fc47a4125f1f92a7ad7b0243a1e07265471d27d9fbd74
Instruction ID: ac4378483344906091bee30ebb21e34ee088d40d177e94be3874b222b0eb94be
Opcode Fuzzy Hash: 4f2d623f6bc17bfd2b5fc47a4125f1f92a7ad7b0243a1e07265471d27d9fbd74
Instruction Fuzzy Hash: 27110E32E041018BEF18CAA9E4102FFB7A69FCE211F09417BA9069B344DF319D56CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0319FE59, Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4efc030552669a6ee47c2501716114df43e51af62a840fb57d67dfa104b6ab29
Instruction ID: ca357cc30ea3d1d19d0be1e303786ed7f4975da606435da3a55e19999e73ae8b
Opcode Fuzzy Hash: 4efc030552669a6ee47c2501716114df43e51af62a840fb57d67dfa104b6ab29
Instruction Fuzzy Hash: 5921D336800114EFDF069F90D848CA8BFB6FF49321B0A8496E645AB072C772E566EF51

Uniqueness

Uniqueness Score: -1.00%

Function 0319E3D1, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07724405f22f7945cfb32c560df037df68ff04a694814161c2c48a3e189c65cd
Instruction ID: 17f192d472c2320a66db22af638cb17763b03fdcba18f8dc14463a579c6c7ec3
Opcode Fuzzy Hash: 07724405f22f7945cfb32c560df037df68ff04a694814161c2c48a3e189c65cd
Instruction Fuzzy Hash: 07112975A00104DFEF68DF58C5849BAB7F5FB4C310B25806BE54AE3201D331AE81CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 0319FA8F, Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90010cf14bee199bc03dd9699ac19002b865d74a3ef533bd4ccf851a794124c6
Instruction ID: 020896968e3e4a8e5f29286b9190ea11e943fd2946a7f26cc9dadfdb8678fa74
Opcode Fuzzy Hash: 90010cf14bee199bc03dd9699ac19002b865d74a3ef533bd4ccf851a794124c6
Instruction Fuzzy Hash: 6811E630905254AFCF52DF79DC90AEABFF5EF4A20071889A7E084CB152E7308951DB61

Uniqueness

Uniqueness Score: -1.00%

Function 06B30989, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd78cf60d1aa150e62cb23251620fd7986946d1bafe50b3f8de425cc5d21f328
Instruction ID: 39ae3166cd5dba9355c125aa19f20b6d071baf6bf31fae8871f92275d6b83f20
Opcode Fuzzy Hash: bd78cf60d1aa150e62cb23251620fd7986946d1bafe50b3f8de425cc5d21f328
Instruction Fuzzy Hash: 7E115E329046599FDF03CF94C8049DFBB73AF86321F094195ED457F022C6B2265ACB90

Uniqueness

Uniqueness Score: -1.00%

Function 0319C698, Relevance: .1, Instructions: 61COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 84555fe58e2b52229bb6b2067e04a0ddf20b2c11f561e6d17bd587d822a31213
Instruction ID: 8c701606864693eb2fd6debd56cc9b543305286674ab7648b9768cd5dda0da3d
Opcode Fuzzy Hash: 84555fe58e2b52229bb6b2067e04a0ddf20b2c11f561e6d17bd587d822a31213
Instruction Fuzzy Hash: 53118F75B00114ABDB48EB69D850A6EB7EB9FCC710719806AE80A9B391DF31AD02C791

Uniqueness

Uniqueness Score: -1.00%

Function 0319F770, Relevance: .1, Instructions: 60COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b48b574e7a670bbcc815696cce3d37a2ed74eec50ae5b9855d9aaac95f8adbd5
Instruction ID: 5b4cfdff46d958b83870bd770ab85806732d6e28513eef2a719bc3260ef49125
Opcode Fuzzy Hash: b48b574e7a670bbcc815696cce3d37a2ed74eec50ae5b9855d9aaac95f8adbd5
Instruction Fuzzy Hash: 6D11BE31A04308EBEF18DF64D8447AEBBB1AB49316F1444BFC112E7341CBB55896CB90

Uniqueness

Uniqueness Score: -1.00%

Function 031C087C, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475726476.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e624f987f2e5384156219e54641f282427122206c7bab2db7e742a9aab0562c
Instruction ID: 09dc63a2ca677b88487c49f402a980bfe07cbeffc500e70730a7430602057394
Opcode Fuzzy Hash: 8e624f987f2e5384156219e54641f282427122206c7bab2db7e742a9aab0562c
Instruction Fuzzy Hash: FC11E4346143C4DFD705CB14D540B26FB95AB9C708F28C99CE9490B643C77BD803CA91

Uniqueness

Uniqueness Score: -1.00%

Function 0319CA18, Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ddc1dedc6af1f2a471fbbc0d56a2329162c797140461e27910602313c3634cbb
Instruction ID: a67c96e5facb70c1ee80d25203001126c0d1cf305dd20cd7dd003263fa391ffb
Opcode Fuzzy Hash: ddc1dedc6af1f2a471fbbc0d56a2329162c797140461e27910602313c3634cbb
Instruction Fuzzy Hash: 43112934300601EFDB28DA59C990966F3AAFFC8314B14D55AD49A47B50DB71FC42CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0319FE68, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 380d8a94de15cfd9a8eba9573d3698db0bf5a94f1857b49197a539424c3b0090
Instruction ID: e0cf733f0b66a4b908b2568719da6a1638326f77e9f718bd08c1205cd937c688
Opcode Fuzzy Hash: 380d8a94de15cfd9a8eba9573d3698db0bf5a94f1857b49197a539424c3b0090
Instruction Fuzzy Hash: C911A436400118EFDF0A9F90D808CA9BFB6FF4D321B068495F605AB072C772D566EB51

Uniqueness

Uniqueness Score: -1.00%

Function 0319DAE9, Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c0cb333817f9b9d2574683b4f3c9cd33c58a3052fad930f5f402d0f4d8e6be2
Instruction ID: 16bfdf2b120d1395f39e1732a01c505b82854b01ad90976a3d3e7ea4c552d095
Opcode Fuzzy Hash: 5c0cb333817f9b9d2574683b4f3c9cd33c58a3052fad930f5f402d0f4d8e6be2
Instruction Fuzzy Hash: A301C435702220AFDF146BB898549AF7BAAEFCE214714497BE406DB345DE758C0187A1

Uniqueness

Uniqueness Score: -1.00%

Function 03195730, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8065a65f7ee6c578ef5b8e7eb76ca0f5be0ab692b18f5bd6453145ba84e8b274
Instruction ID: cc825478065cda45812a03c65b476ca6a38810b55436e7da88ee233798e10a2d
Opcode Fuzzy Hash: 8065a65f7ee6c578ef5b8e7eb76ca0f5be0ab692b18f5bd6453145ba84e8b274
Instruction Fuzzy Hash: D111BF71A10205CFDB19DFB4E8406FE7BF2EB8A740F60112BC101A7294E7358E42CB91

Uniqueness

Uniqueness Score: -1.00%

Function 031911DF, Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8265c478243d73e6d9f11ab2abd94758d0498456de553b84d6288f4d24c5cad0
Instruction ID: 0a64fedb23c5001e79edfa0348a21ba9f89fd161b6e98cd39c5421f5d9bdedb4
Opcode Fuzzy Hash: 8265c478243d73e6d9f11ab2abd94758d0498456de553b84d6288f4d24c5cad0
Instruction Fuzzy Hash: 99115E303091819FCB09DB28C4649A97FF5AF8E60172A45EBD546CF272CB655C898741

Uniqueness

Uniqueness Score: -1.00%

Function 03198080, Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20b23d496fe4fd022932e12c840f67db0252eb7c3b67d57720d2cb824c8468a1
Instruction ID: fcf783ab2f74e9b46c306b04eb87bdb764e979a46a80b7c104dc39ae551edb5c
Opcode Fuzzy Hash: 20b23d496fe4fd022932e12c840f67db0252eb7c3b67d57720d2cb824c8468a1
Instruction Fuzzy Hash: 8A11C471904208DFDF15CFA4D444AEEBBF1EF8E300F1944AAD502A72A1D7316D49CB91

Uniqueness

Uniqueness Score: -1.00%

Function 06B30998, Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6ff4415e1929fd4e69adbf2eb8bdb957c69f849d2aa5e94d9d4cfa081dea064
Instruction ID: cc51c615baacf3ce9a3998c52c482d729d080f66fb12ff04cd9b5003b5d53434
Opcode Fuzzy Hash: e6ff4415e1929fd4e69adbf2eb8bdb957c69f849d2aa5e94d9d4cfa081dea064
Instruction Fuzzy Hash: 5C010876900A199FEF02DE84C8049DFBB77AF8A321F054150EE053F021C6B2665A8BD0

Uniqueness

Uniqueness Score: -1.00%

Function 031954F8, Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ff7aaac6da632c4175a1917fbfb0df6476f4063f94f0f4ff35b210e3d178de08
Instruction ID: ce846a12444d9fb36e73b097689d9e95adf30c3ff6595be57f9ec594a3ef7cb2
Opcode Fuzzy Hash: ff7aaac6da632c4175a1917fbfb0df6476f4063f94f0f4ff35b210e3d178de08
Instruction Fuzzy Hash: 2B119134A212058FDB04EFB8D840AEE3BF6EB8D705B14452BD206D72A5EB345941CB91

Uniqueness

Uniqueness Score: -1.00%

Function 031C0859, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475726476.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1ce52590fa513b3b8b32d0b1f15b56259365f001653f62b095177d086e2b459
Instruction ID: e5ad89e7681d7749fef66bdc1d4f0ef7af2b3a7f453a3b09deedcbb7ebb74cd6
Opcode Fuzzy Hash: b1ce52590fa513b3b8b32d0b1f15b56259365f001653f62b095177d086e2b459
Instruction Fuzzy Hash: 481179755097C48FCB07CB20C850B55BFB1EB5A708F29C6EED8894B6A3C33A8806CB51

Uniqueness

Uniqueness Score: -1.00%

Function 0306AD64, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.474983851.0000000003062000.00000040.00000001.sdmp, Offset: 03062000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7caf42f8df0813fec4964d49094c0f3f7389406bdc2f3ffc4fb83a6f86113b4b
Instruction ID: 2cc9b12aa25ca9b35daa2076b86abf712fa3445f7111b6848dc91eb647f875e0
Opcode Fuzzy Hash: 7caf42f8df0813fec4964d49094c0f3f7389406bdc2f3ffc4fb83a6f86113b4b
Instruction Fuzzy Hash: EC11DAB5608305AFD350CF19D840A57FBE8EB88660F14895EFD9897311D271E9048BA2

Uniqueness

Uniqueness Score: -1.00%

Function 03194FF0, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e8544aaf610cdd6ea4b5f4d55c6797d60a47f8d00139580c4aa2af60c26361a
Instruction ID: b69da664388e08e39146b6663175abe8d97ce87e73f4d4f6d0c9bb16ed36d86a
Opcode Fuzzy Hash: 1e8544aaf610cdd6ea4b5f4d55c6797d60a47f8d00139580c4aa2af60c26361a
Instruction Fuzzy Hash: 4E018432E01209CFDF45DBB8D8517EE7BE2EB8E610B594527C506E7240EB3049418BE1

Uniqueness

Uniqueness Score: -1.00%

Function 031905B9, Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d04255e1776372d96f44da695a6c3b807d3a888b6ae5f5aa45fe91770cbe6208
Instruction ID: 940ba534958a6f6070c92bb43bef7039dc745ceca7aa355c08ef8a494658b584
Opcode Fuzzy Hash: d04255e1776372d96f44da695a6c3b807d3a888b6ae5f5aa45fe91770cbe6208
Instruction Fuzzy Hash: 1E0121313011A80BCB19E77DD4215FF2B9B9FCA644318405BE106CF385CE748C4243E6

Uniqueness

Uniqueness Score: -1.00%

Function 03194789, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0437b9dbe5f9d3b74209e72db387f2866a57c96c27b74798ac2ee9b02781c0
Instruction ID: b4d72a74f2991599248f8929826196724e526cc3bd1db28efc16061d1dce2043
Opcode Fuzzy Hash: 4e0437b9dbe5f9d3b74209e72db387f2866a57c96c27b74798ac2ee9b02781c0
Instruction Fuzzy Hash: E2012972E011098FCB54EFB8D4506EF7BF6EBC9750F20443AD50AE7280EA3549468B95

Uniqueness

Uniqueness Score: -1.00%

Function 0319238F, Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 46a2612fd5023452acd22ed5503617ce6f0ea5b30862da94f86e676df24d7e0a
Instruction ID: 8db6f946c9a78b8ac65a4a6d91d3e9272caf1545b2a6648dcdf429bc96ec5953
Opcode Fuzzy Hash: 46a2612fd5023452acd22ed5503617ce6f0ea5b30862da94f86e676df24d7e0a
Instruction Fuzzy Hash: 9511367090421DEFEF28CFA5C980AAEBBB1FB4C300F11486AD606A7745DB751982CF90

Uniqueness

Uniqueness Score: -1.00%

Function 03195740, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db32d31311090e1f36e6889f2841a3273ee8c3f2103e52670699d7369e5f0a92
Instruction ID: 72ae3b8d62e855748ad0e2c4c50f3f696aa90af1654aebe0be84180299307cf8
Opcode Fuzzy Hash: db32d31311090e1f36e6889f2841a3273ee8c3f2103e52670699d7369e5f0a92
Instruction Fuzzy Hash: 5D117C30A10208CFEB09DF75D9406AE7BF6EB8E380F60012BC605A6294E7359E41CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0319A398, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9faf747dfd46f5f2db4cbee7ef15f46f58d4499742878c6786332720ca4a88a2
Instruction ID: 7e1b7aaa7f0cfb41538dc001eb984bb6202eff013cd7e9c73a0c12cd4871c783
Opcode Fuzzy Hash: 9faf747dfd46f5f2db4cbee7ef15f46f58d4499742878c6786332720ca4a88a2
Instruction Fuzzy Hash: B701B131A04108CBEF18DA54C854ABFBBB19F8C314F2A446FCA16A7240CFB16E498BD1

Uniqueness

Uniqueness Score: -1.00%

Function 0319DAF8, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b597d058de72b9c12d439e7673827197f33ae31af56aecac19718726ae2973e
Instruction ID: 292f37afeb3c5995adec73ddf6dd19992c35b4f47dcabb4a171ee0fd857ca432
Opcode Fuzzy Hash: 2b597d058de72b9c12d439e7673827197f33ae31af56aecac19718726ae2973e
Instruction Fuzzy Hash: D5018F75702224AFDF186AB9981896F7AEEEFCD624710483AE506DB384DE758C4183A1

Uniqueness

Uniqueness Score: -1.00%

Function 03197938, Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 576f6e744bfdf59ee029497b64d9faf2815430b7ef1883f43bc921e4411c13f2
Instruction ID: eede02e5ca51109c0b1abc11f4f075f5764fc94b49c47c5e725fb4b4ff3dbca1
Opcode Fuzzy Hash: 576f6e744bfdf59ee029497b64d9faf2815430b7ef1883f43bc921e4411c13f2
Instruction Fuzzy Hash: EA018C31A24108CBEF18DA68C950ABEFBBADF88260F15446FC156A7280CB61A94187D2

Uniqueness

Uniqueness Score: -1.00%

Function 0319C3A1, Relevance: .0, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20f732b88e3a2255cabefbafa0218a6a9359247d6898269d2e5f1d5dad070092
Instruction ID: 93fc602800fcb8bc59883cedd982fa1bcc03441e26f8285e331b0b300606c8ec
Opcode Fuzzy Hash: 20f732b88e3a2255cabefbafa0218a6a9359247d6898269d2e5f1d5dad070092
Instruction Fuzzy Hash: 9701D234711290CFD301DB38D09462D3BE7EB89211F0909E6E046DB2A6DBB49C86C754

Uniqueness

Uniqueness Score: -1.00%

Function 0319A38B, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9426940ef845f387209595eac17e81207ef0bb27a72fa8660a1cf98784beb0a4
Instruction ID: 7fb2ab3092e4e5e7ac87f211ac6f142a1ef1d2d1a4af7466076855f7628f3421
Opcode Fuzzy Hash: 9426940ef845f387209595eac17e81207ef0bb27a72fa8660a1cf98784beb0a4
Instruction Fuzzy Hash: 98018031A05104CFEF18DB54C994A7E7BB29F8C300F1A446FC906A7241CBB1AE498BC1

Uniqueness

Uniqueness Score: -1.00%

Function 0319792B, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ed253c1860ce47c4f7bd400580ace9deb985040629d3c983e1e9deaa62114aa
Instruction ID: e9047b0941ed888bff3a1b3987f57be08641b7060569af15c3ecad728533a987
Opcode Fuzzy Hash: 5ed253c1860ce47c4f7bd400580ace9deb985040629d3c983e1e9deaa62114aa
Instruction Fuzzy Hash: 34018030A28105CBEF18DA28C950ABEBBFAEF89760F19446FC046A7290DB616D418791

Uniqueness

Uniqueness Score: -1.00%

Function 0319A870, Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d5d4bfd5061f4504a6dbd68e455d27907e2baa583974d100ec4cfaadb272d17
Instruction ID: 95d3a600d08a0a29ddd5ffee1e8be9835bc8c061ebea97414c2573255a17525a
Opcode Fuzzy Hash: 7d5d4bfd5061f4504a6dbd68e455d27907e2baa583974d100ec4cfaadb272d17
Instruction Fuzzy Hash: ED018F35E002088FDF54EBB9E80579EBBF8FB88210F10417BD609D3240EB7199048BD1

Uniqueness

Uniqueness Score: -1.00%

Function 031C05CF, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475726476.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fea0d23500bda3fc86f77238868239aff7f0e09a530ea24ccce0ad82c6454a99
Instruction ID: b4b91057b673865b0f9e70fcc242ce98837bf543193cc95162c5228d6fdaa6c7
Opcode Fuzzy Hash: fea0d23500bda3fc86f77238868239aff7f0e09a530ea24ccce0ad82c6454a99
Instruction Fuzzy Hash: F701A7B55097809FD7128B16DC40862FFB8EE46620709C09FED498B612D225B908CB75

Uniqueness

Uniqueness Score: -1.00%

Function 0319A388, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c67c658a8d5c876ba7a25f4c6f14ea0758c7aaf7bef7c8eb21d0c2bd139d731
Instruction ID: d31d2273dfe15f2a96f37a75fbf4c50c76daf48da4c1e3d9e5dcee31794486bd
Opcode Fuzzy Hash: 0c67c658a8d5c876ba7a25f4c6f14ea0758c7aaf7bef7c8eb21d0c2bd139d731
Instruction Fuzzy Hash: D9018430A04104CBEF18DA54C854B7FBBB15F8C300F2A446FC946A7240CFB16E4A8BD1

Uniqueness

Uniqueness Score: -1.00%

Function 03196990, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07878c0da3d757abd97f2c5d143bec798d0e6de94426f29dddc3855b3b3048bb
Instruction ID: 742754fe05f11cb751d5e87414e52cd3b8b73b4e2a7743c01731f2341952b1b4
Opcode Fuzzy Hash: 07878c0da3d757abd97f2c5d143bec798d0e6de94426f29dddc3855b3b3048bb
Instruction Fuzzy Hash: 92014C71E002059FEF14DF69D891BAABFF8EB49220F14516BC505D7290E7345941CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 031969A0, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fab8be50e57b9d87bde4ae28d6c8ed558744835279f0d8fc299d20a1da62ef5
Instruction ID: bc91aaf7cfb776d3d2e8fec3d34b896ac76595785f955749ae5b5ce36e91e805
Opcode Fuzzy Hash: 6fab8be50e57b9d87bde4ae28d6c8ed558744835279f0d8fc299d20a1da62ef5
Instruction Fuzzy Hash: 58012C71E001089FDB50DAB9D8417EEBBF4EB88220F54417BD608D3250E7305951CBE1

Uniqueness

Uniqueness Score: -1.00%

Function 031905C8, Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6de473cede3db595f72e70b40c94b30abd4f1d2cf4331488a9d6ac50f94e196
Instruction ID: 92843903314ad3e361887d6013225f5b667c2c5481e140c9afa5188daf4ed020
Opcode Fuzzy Hash: d6de473cede3db595f72e70b40c94b30abd4f1d2cf4331488a9d6ac50f94e196
Instruction Fuzzy Hash: 43F09A7130116807DB08B67E94116BF62CF9FC9A54758442BE20ADF384DEA59C4303EA

Uniqueness

Uniqueness Score: -1.00%

Function 0319A9E0, Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53c871de3d98df7e363b56e9505828419f59dbc197172b7c0c88463f0bad8619
Instruction ID: be304b617ef32fcb60bd77ad3aa108f802d438f4fbc3b562f0c74d637eb76e07
Opcode Fuzzy Hash: 53c871de3d98df7e363b56e9505828419f59dbc197172b7c0c88463f0bad8619
Instruction Fuzzy Hash: 8001B135304240CFCB08EB34D9144597FA2EF8A32031964BAE506CB366EFF19C058791

Uniqueness

Uniqueness Score: -1.00%

Function 03191218, Relevance: .0, Instructions: 42COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 867a78d2b2f8deefff8056bcc1fbb7a406737109171d3cb13533cf1e74b97283
Instruction ID: 7a37404929cbb209c2aaa40b732ab18b33d265eb566843c34e1a9da73fb72a14
Opcode Fuzzy Hash: 867a78d2b2f8deefff8056bcc1fbb7a406737109171d3cb13533cf1e74b97283
Instruction Fuzzy Hash: 0D01FB30304110DBCA48EB28D45896A7BEABFCD610B2541BBE506CF774CFB59C898786

Uniqueness

Uniqueness Score: -1.00%

Function 0319A860, Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42bf37472c7be727ded3b871ea63c97bb7f8e49e3478bb72b6e58ebb109aa44d
Instruction ID: 954d21a5f6921b712ea813b8279f872be00051c8b449dd88ea62c880cdd0fe5f
Opcode Fuzzy Hash: 42bf37472c7be727ded3b871ea63c97bb7f8e49e3478bb72b6e58ebb109aa44d
Instruction Fuzzy Hash: 9D017874E002098FDB54EFA8D9067AEBBF9FB48700F1141AADA05D7260FB709A44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0319A9F0, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9855b3dcca6de6a9c41194c9a2a0444d55a10fbbce1da3044b9869314a9af80
Instruction ID: 710adb0026b490666b0b974fe1814cf024a3fb597ea1edb1b54ca3043e6de844
Opcode Fuzzy Hash: a9855b3dcca6de6a9c41194c9a2a0444d55a10fbbce1da3044b9869314a9af80
Instruction Fuzzy Hash: FAF06935301244CBCB08EB78D90446A7BA6EFC9320319657AE50ACB265EFF1AC068795

Uniqueness

Uniqueness Score: -1.00%

Function 0319E7E8, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31e8411ff708de953adb8bd4e2ab4445637046045c3ff4253423da4dd550dad7
Instruction ID: 09c66acd8a560a3c90e2857de5b0561594ec68fb3235a3084a9350c9db5775b7
Opcode Fuzzy Hash: 31e8411ff708de953adb8bd4e2ab4445637046045c3ff4253423da4dd550dad7
Instruction Fuzzy Hash: EEF0E9A29082505BFF3AD5D8C4CC3E56F95AB4D261F1A05FBD886CB142D750488683F1

Uniqueness

Uniqueness Score: -1.00%

Function 031963E0, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62800f0baad573c9b8757c56e6f796f3e14e55dc60db037cf3b0ccbfa642ba52
Instruction ID: ea2424c412d5ead753e7a5812a129a5d212fd3403d917a5990ec11810854c6eb
Opcode Fuzzy Hash: 62800f0baad573c9b8757c56e6f796f3e14e55dc60db037cf3b0ccbfa642ba52
Instruction Fuzzy Hash: 24F0B430B04115DBEF18D5A898105BFBBD597CD6B4F414077CA06D7240FB255A4186F2

Uniqueness

Uniqueness Score: -1.00%

Function 031982B9, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: edff29b2590d5a440a98a626e95d4ba8a2b18b8bacd45733b5baa915a67f5aa6
Instruction ID: 1cfe224b618e98275939214b04947418ee161d61144faba723dc912356e9b93c
Opcode Fuzzy Hash: edff29b2590d5a440a98a626e95d4ba8a2b18b8bacd45733b5baa915a67f5aa6
Instruction Fuzzy Hash: 9AF09030A08115DFDB08CBA9D8808BFBBF4EF9E6007014567D412DB292D330A945CB99

Uniqueness

Uniqueness Score: -1.00%

Function 03195FA0, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33d6734d121804f3e1a61e856e71328f217cdb07d6467fbd48eadcde3ddf659c
Instruction ID: 1d539dea5ad75c3fc7eda5c1a92e8cf49774120521b0c67171163e55cbd97d86
Opcode Fuzzy Hash: 33d6734d121804f3e1a61e856e71328f217cdb07d6467fbd48eadcde3ddf659c
Instruction Fuzzy Hash: D9F0F031A040169BEF14D66884909FFBBA6E7CDB60F05006BD90AA3640EB301B5182D1

Uniqueness

Uniqueness Score: -1.00%

Function 031963D0, Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48a0942abf3047bc3d8fb7442b1e29e2bd80dada69a716a0069b720077153d65
Instruction ID: 0d12dc97fb1925e3dcf6baeeca9c35613ac677db0671f39350323f23084a0380
Opcode Fuzzy Hash: 48a0942abf3047bc3d8fb7442b1e29e2bd80dada69a716a0069b720077153d65
Instruction Fuzzy Hash: B3F0B431A05115EFEF24C6A5E801AFFBBA4E7CD6A1F410467D906D3740EB341A4186E2

Uniqueness

Uniqueness Score: -1.00%

Function 06B30F58, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec2280f0913c76079122512e50b8ea266cd2ee3b96cdb36d2146f361c156eee5
Instruction ID: d48a9c96cea0b2e44afefdefb9a26a477e2793a2600a31bbf5991ffc98a7622f
Opcode Fuzzy Hash: ec2280f0913c76079122512e50b8ea266cd2ee3b96cdb36d2146f361c156eee5
Instruction Fuzzy Hash: C1F0A7327061645FC611DA78D8919BD77A6DFC625131844DFE449CB342CA228D02C791

Uniqueness

Uniqueness Score: -1.00%

Function 03199FB1, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61171882c06dce6522e2c63ff37b51fbc14b2f7fb6c65d2a0dbe83bfe4f0a097
Instruction ID: ab4adb5bd361860d26ad0b3f10020ca7fdb400794a8c221bcd610d3b48f51970
Opcode Fuzzy Hash: 61171882c06dce6522e2c63ff37b51fbc14b2f7fb6c65d2a0dbe83bfe4f0a097
Instruction Fuzzy Hash: 64F0C23230A240CFC709976898104A97FB2AFCA21535D886EE10ACB352DFB5AC0A8751

Uniqueness

Uniqueness Score: -1.00%

Function 0319C68A, Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7ea2b1f965e325650245278f7ba419bf9259be286e65f9f338bfb6b3d6458f88
Instruction ID: 177c156141fbce92eb0492e255ad55e5e24309752c774ee6073b36bb9f22604e
Opcode Fuzzy Hash: 7ea2b1f965e325650245278f7ba419bf9259be286e65f9f338bfb6b3d6458f88
Instruction Fuzzy Hash: AAF02E7260A2502BC75EA66C581051F7ADE8BCDA2031905ABE485DB341DF215C02C3E5

Uniqueness

Uniqueness Score: -1.00%

Function 03190908, Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21d0089d48cce747d12ab562d7be8cdf5297b86ba5325642256e2d33293e9cac
Instruction ID: 11be9d9764767dfe1fb3ba03c9ae04c0c329e6ff60e90da59d61c095efec49bb
Opcode Fuzzy Hash: 21d0089d48cce747d12ab562d7be8cdf5297b86ba5325642256e2d33293e9cac
Instruction Fuzzy Hash: D2F0E230905220DFEB18DFB8C895A7B7BB99F8D700B07055BDA07A7384CB786851C791

Uniqueness

Uniqueness Score: -1.00%

Function 0319E768, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2155d7d8dfa0512a0b472f59e064ce76452c3da2a83565717036d94f5b2ca760
Instruction ID: 9049f966085be73059f8be2bccd22410792770359d95f4d563c9d59bc67d2a5d
Opcode Fuzzy Hash: 2155d7d8dfa0512a0b472f59e064ce76452c3da2a83565717036d94f5b2ca760
Instruction Fuzzy Hash: C6F02E352056909FDB15D62CC55089A7FA58FC611431949DFD54ACB747CF239841C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 03190918, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3dcc1e520600bde26ccbc507710e137a401c6f95067b345901cea327447cac4
Instruction ID: e81ad672edcd92ef09645f8fa55d4bd7dfdf24a468b194f5b2297fb15fd38b25
Opcode Fuzzy Hash: c3dcc1e520600bde26ccbc507710e137a401c6f95067b345901cea327447cac4
Instruction Fuzzy Hash: BBE0E532E152289BBF18AAF998005AFBBADD7CDA50F024527DA0BA3284DB74588542D1

Uniqueness

Uniqueness Score: -1.00%

Function 031945B9, Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f2473eb0a31c0179f0d31714acc76b476b2e8e3496772f999580f102a650410b
Instruction ID: 8d8d3cd04e59c3e8e7178e083859c758396f29d5993d82c1ba3fc05d0bb9d61c
Opcode Fuzzy Hash: f2473eb0a31c0179f0d31714acc76b476b2e8e3496772f999580f102a650410b
Instruction Fuzzy Hash: C1F08271E0021A9FDB20CBA9DC45BEBBBB8EF8A610F14416BD608D7151E6305914C7A1

Uniqueness

Uniqueness Score: -1.00%

Function 0319FA48, Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10b33e94fdfab66e83eb6807ba5a16388e51087abe68b9baf9835fa3de0db89c
Instruction ID: b21d3b44305ba5e397c0d6e6caeb7691741122bd5e8f0182f28c225877f4c560
Opcode Fuzzy Hash: 10b33e94fdfab66e83eb6807ba5a16388e51087abe68b9baf9835fa3de0db89c
Instruction Fuzzy Hash: 91F08230209741FFEE19D69085508B27765AA4CA43312B59BC487CB914C764AC978B82

Uniqueness

Uniqueness Score: -1.00%

Function 031C0938, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475726476.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction ID: 8809d43d01d9c9bab2f11c915f0596413a83f7c960f473f222a203c654a27f35
Opcode Fuzzy Hash: 525cef522958239b2deb72ab7ac90410e2832b06fb356f1b7ca8807ee3c9392c
Instruction Fuzzy Hash: B7F0FB35104684DFC605DB00D540B15FBA6EB8D718F24C6ADE9490B662C337D812DA81

Uniqueness

Uniqueness Score: -1.00%

Function 031946A9, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b6f0a7e67a377f0feaaf230ee4bc31a14489a7da95382f0b6fd6dfbc29cc93
Instruction ID: bbd8832a7af5bd7aa4aa632cd488a229fefaceea1448c3a9aa1969b2f37c2656
Opcode Fuzzy Hash: 91b6f0a7e67a377f0feaaf230ee4bc31a14489a7da95382f0b6fd6dfbc29cc93
Instruction Fuzzy Hash: D6F0A031A01010CFDB20DBB8E8646EA3BA5AFC5705B188497E506CB266DF25D81183C6

Uniqueness

Uniqueness Score: -1.00%

Function 0319FAD8, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bac7578c176ff7d3eb32739a84235ae1af603fc1014c950c00431d91698c0b2
Instruction ID: 753b4245ac56f5a7ed31da8388a57da11b559da7dae14e06065feb8c25bf8eb5
Opcode Fuzzy Hash: 8bac7578c176ff7d3eb32739a84235ae1af603fc1014c950c00431d91698c0b2
Instruction Fuzzy Hash: 9FF03A36904218EF8F45EFA8C9009EEBFF5AF0D211B0480A7E559DA161E7318661DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 031955D9, Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c476737830837b8a26c4bafd63a2a902ce9ddb098d8ef3182ca98da6f2bb54a
Instruction ID: d7bb9d8beb1a061943ceae4a43471d3387ebaab657de1fbb6cb932354c336c17
Opcode Fuzzy Hash: 3c476737830837b8a26c4bafd63a2a902ce9ddb098d8ef3182ca98da6f2bb54a
Instruction Fuzzy Hash: C0F06532B000099ADB159B69D8815FFBBB6FBC5750F08057BD505E3251FB31652587E0

Uniqueness

Uniqueness Score: -1.00%

Function 0319DF38, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 82f9f5d1b25fd1e3707712e68dd6a91cfdf818c0ca8df77a74526a50dd458ed5
Instruction ID: d9f067d71cf9ae98d896e841f861000cf8fa634709b52bbe998943ecf11b1dab
Opcode Fuzzy Hash: 82f9f5d1b25fd1e3707712e68dd6a91cfdf818c0ca8df77a74526a50dd458ed5
Instruction Fuzzy Hash: BBE02B32201A208BC615D268E3715AE3795CBC9624355485FD10ECBB95EF32DC43C7C1

Uniqueness

Uniqueness Score: -1.00%

Function 0319AFA0, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9f681136ce96a09038f785d88213902254cbfc645e5491fccc0255f69fdc028
Instruction ID: 313c3bab58573ed50f136a4210b9c61fd34732e245c1706061fc6a743846282a
Opcode Fuzzy Hash: c9f681136ce96a09038f785d88213902254cbfc645e5491fccc0255f69fdc028
Instruction Fuzzy Hash: 1CF08C356057008BC325CF5AA450456FBF5FEC56213198E2FD198C7611D770A91A9BA1

Uniqueness

Uniqueness Score: -1.00%

Function 03199FC8, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a70ae0d3749ba9f01c40cf62ba347406b06890b4bd4ecf9958aef54f2faa32cd
Instruction ID: 0c93e40482a45ff55b7b7122c39be01b849c2ca93e391042139f0e90a77a6b5e
Opcode Fuzzy Hash: a70ae0d3749ba9f01c40cf62ba347406b06890b4bd4ecf9958aef54f2faa32cd
Instruction Fuzzy Hash: 38F01C32305604DB9B48E768A4004AD7BEAEBC9225399897DE10A8B345DFF6B8468791

Uniqueness

Uniqueness Score: -1.00%

Function 0319C9BE, Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 735df45325c99ca381bbb28c7dd3f5a1e9fc5b4c7b588d0b4f8bc4b65a4c88e7
Instruction ID: 528a6f0d62d776d892e5aa559da377cedd8065bace30d546f507e3950720ce8e
Opcode Fuzzy Hash: 735df45325c99ca381bbb28c7dd3f5a1e9fc5b4c7b588d0b4f8bc4b65a4c88e7
Instruction Fuzzy Hash: C3E0222670A2D08F9F19D23904200BF376AAECE2A032A50E7E182CF252DE204C41C3E2

Uniqueness

Uniqueness Score: -1.00%

Function 03194700, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19483da6f368dcdc133779791729ce09d1505858d3cd5c163650762fb88e0c79
Instruction ID: 3f96501ae9a76f85a246db0cb9b86803942a3ffdef541f5f170931d072af04d5
Opcode Fuzzy Hash: 19483da6f368dcdc133779791729ce09d1505858d3cd5c163650762fb88e0c79
Instruction Fuzzy Hash: 7EE02B312051845FDB2DC26AAC117B937668BCF610F1904BBD105DB691EF2548438340

Uniqueness

Uniqueness Score: -1.00%

Function 031957A2, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f658207cf4f8ca95a17bb38728601c4d39200bd09f64f229541ddb4686ebace7
Instruction ID: 697ac20e0d63a73770f1df5d3d563bcb256a7d503b99df81b36a867e9a4e10fd
Opcode Fuzzy Hash: f658207cf4f8ca95a17bb38728601c4d39200bd09f64f229541ddb4686ebace7
Instruction Fuzzy Hash: 84F0A030B14104CBEF0DEBB8E9102ED37A2AF8D204F608467C206AA180EF2449428792

Uniqueness

Uniqueness Score: -1.00%

Function 031972B7, Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8579deb28f41d409a3c8a4fe989401af8fa787e63d9aa57da9b8c59d65f20a1
Instruction ID: bf0460a34d9fd9301eae7633e4db55b840201f3d96b487fffae7ad9d008ca329
Opcode Fuzzy Hash: c8579deb28f41d409a3c8a4fe989401af8fa787e63d9aa57da9b8c59d65f20a1
Instruction Fuzzy Hash: 15E06534F122146BEE04F7F994143AE66864FCC914F44487AC50ADF6C5DF244D0287D2

Uniqueness

Uniqueness Score: -1.00%

Function 0319BBF8, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: adb2d33d4dbecf8d3dc547da0a4c164641595bc8082af2e83cd306ca0dcd5414
Instruction ID: 1e7c5426cc6216dff6089bf08189796993cf4d89db56f193bb78ea81697c5c45
Opcode Fuzzy Hash: adb2d33d4dbecf8d3dc547da0a4c164641595bc8082af2e83cd306ca0dcd5414
Instruction Fuzzy Hash: CDF09A32609B408FC735CF29E540806F7F5EF89220302CA9BD4EAD7A61C730F8088B61

Uniqueness

Uniqueness Score: -1.00%

Function 03198559, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 97437731929111e7f161f18ef45a03cc8e44a87e915f452102975864880a9272
Instruction ID: 476d2cda14b204789e8e87939ab4a0ee62d49cecc380945b8e029a25d4bd9378
Opcode Fuzzy Hash: 97437731929111e7f161f18ef45a03cc8e44a87e915f452102975864880a9272
Instruction Fuzzy Hash: 11E0E576E011108FDB506BA4E92825077F2EB4D25230D015BD805E7310EA759C048F80

Uniqueness

Uniqueness Score: -1.00%

Function 031C05F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475726476.00000000031C0000.00000040.00000040.sdmp, Offset: 031C0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c1519c666403ae18bd1c2bf9280aba2d2bb9f8ed9e7ef273b3553cf890cd895
Instruction ID: 472e6ac69ac72757ad840e388763d8cc5e756f095776e98e07780797edc9d769
Opcode Fuzzy Hash: 1c1519c666403ae18bd1c2bf9280aba2d2bb9f8ed9e7ef273b3553cf890cd895
Instruction Fuzzy Hash: 12E06D76A406048B9650CF0AEC41452F798EB88630B18C16FDC0D8B700E635F5048EA5

Uniqueness

Uniqueness Score: -1.00%

Function 06B3070D, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee10cc706f4d153e1a1c2413f7755c5272f7b64b16adb1cc2e9c481158ae0d28
Instruction ID: 505c85d27c16479029cec3b81c9f0748b09db703ab71a342849803a1c33d52a9
Opcode Fuzzy Hash: ee10cc706f4d153e1a1c2413f7755c5272f7b64b16adb1cc2e9c481158ae0d28
Instruction Fuzzy Hash: CDF0E5B0B14124DFFB61B758E808BD87762EF40734F1490D2D149930D5C7B85890CF91

Uniqueness

Uniqueness Score: -1.00%

Function 0306ADB3, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.474983851.0000000003062000.00000040.00000001.sdmp, Offset: 03062000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3333c2f15853470f4f69c060c729216285cbced2b8178148ce8e967a2c208e10
Instruction ID: 14c013d7fabca227f4105f4bdd11d1417276c01e5c73877bdf57353c3142ccee
Opcode Fuzzy Hash: 3333c2f15853470f4f69c060c729216285cbced2b8178148ce8e967a2c208e10
Instruction Fuzzy Hash: 74E0D872A4020467D2108F079C41B63FB58EB40A30F14C557EE0C1F701D671F5049AF5

Uniqueness

Uniqueness Score: -1.00%

Function 0319FF18, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1de4810a308c2d53ec5021df013ce636a9ca1412c8394c6c9f82f279c046a7c
Instruction ID: 473cc6687905b9282368f502f4950014d001fe7e9e8178c20fcaa7f5f5655a12
Opcode Fuzzy Hash: a1de4810a308c2d53ec5021df013ce636a9ca1412c8394c6c9f82f279c046a7c
Instruction Fuzzy Hash: BBF03731015148EFEF08DF60E8998683F79AF46202B045457F487DB151CFB0AE91CB91

Uniqueness

Uniqueness Score: -1.00%

Function 0319DF48, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 640ca7b487717441387a99fe7de233f483976ed2a9554e65e882d63ca7c0da68
Instruction ID: 70810b3cbcc43ab986cd479b6262c6f86d5fd11daf2e787103df41d1b5eb1a27
Opcode Fuzzy Hash: 640ca7b487717441387a99fe7de233f483976ed2a9554e65e882d63ca7c0da68
Instruction Fuzzy Hash: E6E0DF322016258B8A14D66CE52286A7BD9CBC9A64354882EE50A8B745EF72EC0287D1

Uniqueness

Uniqueness Score: -1.00%

Function 0319E778, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732ffa303eee49aca426a72deb3c7886b88bf562f6e21969479a9c37f9ec4917
Instruction ID: ddbf7985ce9c069299625e62b38820c609284d4f627abd757d9fb53fb2c8465d
Opcode Fuzzy Hash: 732ffa303eee49aca426a72deb3c7886b88bf562f6e21969479a9c37f9ec4917
Instruction Fuzzy Hash: 2EE026363016109BAA28D66CC91086E7BDDCFC9620354882FD60ACB306EF72EC0287E1

Uniqueness

Uniqueness Score: -1.00%

Function 03196380, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bd7b2ae63067d66913b222e8cd60e387ef7396dbee1c71806d32aad24b4d6821
Instruction ID: 25496ecda558eac9846b7218847c5f311945e1f6a9e2b8d5d0cb379556cef4d1
Opcode Fuzzy Hash: bd7b2ae63067d66913b222e8cd60e387ef7396dbee1c71806d32aad24b4d6821
Instruction Fuzzy Hash: B8E0D83151A111DFFF00E7B894006FD37999BCD661B09015BE60BC7254DBAA8980C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 0319CA09, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 550976b17ba3f9e445dfd3dcb848552798be58e00aa7c18228ac090044427832
Instruction ID: 19ca9ad06782d14d0ec63a6ddc33019cae1a024e4893c18bdb9f78dc6d721db0
Opcode Fuzzy Hash: 550976b17ba3f9e445dfd3dcb848552798be58e00aa7c18228ac090044427832
Instruction Fuzzy Hash: 70F0E5326051519FD715C614D890822B7A6EFCE320316C5EBD4898B601C731AC43CB90

Uniqueness

Uniqueness Score: -1.00%

Function 0319A920, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73226cdb9ec591608df4da4319a72f4c4f31a4b1cc2e374f0ec8d1ab938175f0
Instruction ID: d55e724296d9bda74881827bab0149e45fce6a4fee545cff0b76af630a8890d5
Opcode Fuzzy Hash: 73226cdb9ec591608df4da4319a72f4c4f31a4b1cc2e374f0ec8d1ab938175f0
Instruction Fuzzy Hash: 47E022352082108FEB4493F8902622C3FFAAF8E60130600ABE506CB3B2DF32CC028302

Uniqueness

Uniqueness Score: -1.00%

Function 03198568, Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 708daedeac661f96516276e874d502769e17cbc93d584d1c0d85a83a980dde79
Instruction ID: 16702a43e6290055886cb4458265ea41e13bd50261f937e719a7eaf4881b1f1b
Opcode Fuzzy Hash: 708daedeac661f96516276e874d502769e17cbc93d584d1c0d85a83a980dde79
Instruction Fuzzy Hash: 57E09235F012258B9F946BB8A518664BAEAE78D6A1329016BDD06E3344DFB19C008FD1

Uniqueness

Uniqueness Score: -1.00%

Function 0319FA58, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1c9ef62148c1333b30a6fc2c8a13b21569f5b0b8749f95fd6bf4360073a76bf
Instruction ID: 3b7f6821ea226940d53243d9961de2c81e7061a776e44f5e9c89c9d6d3ba5b10
Opcode Fuzzy Hash: d1c9ef62148c1333b30a6fc2c8a13b21569f5b0b8749f95fd6bf4360073a76bf
Instruction Fuzzy Hash: AEE04F31608705FBBE5CD6918540C7276A9AA4CE53742F59BC843C7A14CBA5FCC38B82

Uniqueness

Uniqueness Score: -1.00%

Function 0319C9D0, Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e6d1729aaa094d8b0977d39f20de97e3ca66435eb4f9ebe0a8148b9505217ae7
Instruction ID: b2bd1289a69cf00fe6b1b770fc279b5cb492e0bbb324c5f4a7e932dee570eee3
Opcode Fuzzy Hash: e6d1729aaa094d8b0977d39f20de97e3ca66435eb4f9ebe0a8148b9505217ae7
Instruction Fuzzy Hash: 90E0C232305154974D2CE21E40104BE728EABCD6F1326502BE147CB351EF419C41C3E2

Uniqueness

Uniqueness Score: -1.00%

Function 0319E7B9, Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: baded2fb709e030c58429fc7d4c63966ff7eb66be9281f22dc2a2f8111717bf8
Instruction ID: d3fa623a0b74ff94fa2eac9bd0591317da11cecd00614c3a770acafcf5ed0575
Opcode Fuzzy Hash: baded2fb709e030c58429fc7d4c63966ff7eb66be9281f22dc2a2f8111717bf8
Instruction Fuzzy Hash: 26E04F35009240CBDB2DCB14D99045177B5EB0A61232648DFD08687911E771A895C7E2

Uniqueness

Uniqueness Score: -1.00%

Function 0319DF89, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1c3b7332b815a4afc5a69d89ded31abb86191381d193d5ac71d691198748be8a
Instruction ID: fe0e55c70454e2544e4f6f5d8fe6c271208a84fb7b9012931eca9c2bc26496e1
Opcode Fuzzy Hash: 1c3b7332b815a4afc5a69d89ded31abb86191381d193d5ac71d691198748be8a
Instruction Fuzzy Hash: CAE04622119210CBEB18E660B2265B2B6A5AF4C212B06146FE14A96644EB759883C792

Uniqueness

Uniqueness Score: -1.00%

Function 03195BA1, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3566bf5db4f06258e903cd1633088fdd70034537b66b5e196bd2af9ed24859b2
Instruction ID: a716a4bb348cf81cd78ec53d88fb583b2377962c7f82d712b8f0dab31e3578c8
Opcode Fuzzy Hash: 3566bf5db4f06258e903cd1633088fdd70034537b66b5e196bd2af9ed24859b2
Instruction Fuzzy Hash: 0ED02B3160B1509FDF16E7B458600BE27570FCF5153140AABE00BDF342CD658D128392

Uniqueness

Uniqueness Score: -1.00%

Function 03196390, Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a2228df677033993a997a767d2628854aad167d48071170002104907b5a4214
Instruction ID: 91eb6dce835138f305440ca4a56aad38be26e2499e3688e80a9f35c68b413842
Opcode Fuzzy Hash: 3a2228df677033993a997a767d2628854aad167d48071170002104907b5a4214
Instruction Fuzzy Hash: 03D05B3165D515C7FE04B5B854047BD358D978D675F05002BDA0FC6244DBDA8DC042FB

Uniqueness

Uniqueness Score: -1.00%

Function 06B30F68, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16dff6c115d59f90794d829bdfcdbe2cc33a716fab84ddd55f7edf4a6c0a11d6
Instruction ID: 485888931da405739b77c1400b18b1a41ac175c8273510749daf21ed8a9e3d9e
Opcode Fuzzy Hash: 16dff6c115d59f90794d829bdfcdbe2cc33a716fab84ddd55f7edf4a6c0a11d6
Instruction Fuzzy Hash: FED0A7353422285BD504E5ADC8109BEB7CECBC9510304885FB809DB346CF72DC0283D0

Uniqueness

Uniqueness Score: -1.00%

Function 0319DF98, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e049aa55618e5806e9334febd38e2586d00f55dfc8ace11d365c3bb228b4fff
Instruction ID: 6f77b084e5690966fb480f8bfc3ca4cc09885ddfe4e11a648c52e94337c9910e
Opcode Fuzzy Hash: 7e049aa55618e5806e9334febd38e2586d00f55dfc8ace11d365c3bb228b4fff
Instruction Fuzzy Hash: FCD05B31109214D7EE5CE5657122573B2A8AB0C615702442FF44F82504D7759CC383D2

Uniqueness

Uniqueness Score: -1.00%

Function 031957F6, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c8cd5c218122275f1a72626eb3d2641102484f5326cf85158c52431f1110d5f
Instruction ID: fb60fb5f497dbe977c1071db72e6683851dca5046d81d9f6e856dcbb2457d91a
Opcode Fuzzy Hash: 2c8cd5c218122275f1a72626eb3d2641102484f5326cf85158c52431f1110d5f
Instruction Fuzzy Hash: C0D01235E05518CBEF09E7F5E9155EC7B729B8C164B1154B7C10BAA105DF7009454791

Uniqueness

Uniqueness Score: -1.00%

Function 0319064F, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6b334a6564866875be364e109025b029863181ad7bba25a25321bab03833121
Instruction ID: 03354f01c1322e53e4c8683df7a756622c41a07af2c64de2e63f6b79cfb705f5
Opcode Fuzzy Hash: b6b334a6564866875be364e109025b029863181ad7bba25a25321bab03833121
Instruction Fuzzy Hash: 40D02B734022008FC7148A70CC264E03B20EF962043098553C4004F501C3361243DA51

Uniqueness

Uniqueness Score: -1.00%

Function 031902A0, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d84c17257fbcc17c5450971baed91ca68f595fb0bec108497fb0037c01f56842
Instruction ID: 02ed59cb28af03f8a4e86354a6d527a6d2350e65dbd9c23cfc8465795196a44b
Opcode Fuzzy Hash: d84c17257fbcc17c5450971baed91ca68f595fb0bec108497fb0037c01f56842
Instruction Fuzzy Hash: 00E0C23180A604CFC310C794D8A5862BBF5FF8D6003058D8FE4838B649CB30BD00C740

Uniqueness

Uniqueness Score: -1.00%

Function 03192D20, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458dfbb4c325a568ff0f8f2f60d36377255f311367b218dc85dda411af0f459c
Instruction ID: 62efb55f4a9c9b1400e5f8d9b852910870094515b32a2b3d20a44b2516eeb768
Opcode Fuzzy Hash: 458dfbb4c325a568ff0f8f2f60d36377255f311367b218dc85dda411af0f459c
Instruction Fuzzy Hash: 3BD0173004E149EFEB5987949C21BA13B64AB5EF05F0A0E93E4478A099D3315792CB51

Uniqueness

Uniqueness Score: -1.00%

Function 03190170, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f906b16109a6b232088ae6b24ee41d41a78a33b048dd3bdc1ceca2b3e73f8295
Instruction ID: 5e85d16a355731d3ce4dff5148c96927987d8e586098f00ccb0f467d22731880
Opcode Fuzzy Hash: f906b16109a6b232088ae6b24ee41d41a78a33b048dd3bdc1ceca2b3e73f8295
Instruction Fuzzy Hash: 21E01271106356DFCB16ABB0E4594A93B35AF4B21630409AEE406CB765EB7BC850CB50

Uniqueness

Uniqueness Score: -1.00%

Function 031974A8, Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c784b8caea9e4e9256098965398bb030be356a4d5aa5212f7f3b8be4af1e81ee
Instruction ID: 5f046a46ab8ffbf7ddcebe6c613784483b157d43bab2323cc58c0537b0415fc1
Opcode Fuzzy Hash: c784b8caea9e4e9256098965398bb030be356a4d5aa5212f7f3b8be4af1e81ee
Instruction Fuzzy Hash: 41D0C231428710DBEB39DA65A4007B2BFD95F49204F0A095F81CA075C28769E4C4C3A3

Uniqueness

Uniqueness Score: -1.00%

Function 06B30EC0, Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b40044c288450ac64bf5d5e2f9b4c3a444fc857bf9aa801ff1890175f2b1c3b9
Instruction ID: 82b1fa5d6f33b22800f1ab8d7ce6c82cddae7f7699453da85fdace716c673569
Opcode Fuzzy Hash: b40044c288450ac64bf5d5e2f9b4c3a444fc857bf9aa801ff1890175f2b1c3b9
Instruction Fuzzy Hash: E6D0E2B1F3D338CEF3E0B248801473AB2149F60314E0488DB800B1588546675096CAC6

Uniqueness

Uniqueness Score: -1.00%

Function 06B30FA1, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44586390a034f55817a49144e0400a3fff2640d10317b1933bb88a3047224f48
Instruction ID: 0cea39eaf9f6cc1200b7e3764b4f90c70e7f199778fd297cfa7ac0d08e3a7fb2
Opcode Fuzzy Hash: 44586390a034f55817a49144e0400a3fff2640d10317b1933bb88a3047224f48
Instruction Fuzzy Hash: 88D0A93820E3808FCB02EB78E4A002C7BB46E8A45031548E7C4C4C7242EA2494068B12

Uniqueness

Uniqueness Score: -1.00%

Function 06B30F00, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c15065cbe03595252d2adcbae2e849006416ebb2068dbcc9dacefa618aeb0ce
Instruction ID: 75ab0b8a038a245e8ba142034ff535a74b0c7a8ec5c8185b9e4ce1f966fac5bc
Opcode Fuzzy Hash: 0c15065cbe03595252d2adcbae2e849006416ebb2068dbcc9dacefa618aeb0ce
Instruction Fuzzy Hash: 46D0C9F862C2AADFFB8476A9A4092347ADC7F04701B0045A2B0478A141DFE5E40181EF

Uniqueness

Uniqueness Score: -1.00%

Function 030523F4, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.474869794.0000000003052000.00000040.00000001.sdmp, Offset: 03052000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9eb1992a13bb7566f851f6ae415e97ccaab1e90235b1b501cb3473be491098e
Instruction ID: 26bf8942f6d290c5a5c3a68d704399f8b5239db29ff8e3617105731b5656b4a3
Opcode Fuzzy Hash: a9eb1992a13bb7566f851f6ae415e97ccaab1e90235b1b501cb3473be491098e
Instruction Fuzzy Hash: E8D05E79216A818FD326CA1CC1A8B967BD8AF51B05F4A48FDFC008BA63C368D9D1D600

Uniqueness

Uniqueness Score: -1.00%

Function 03195B19, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dad3917fea8e5338f06f947adc9f63f2ae6f6a50f052fc7e2ae525efdc15e522
Instruction ID: eeb4efcdc56acc0fd8c935fdd636ac6d3fef2a48ffe4eaba64abb7191deb8470
Opcode Fuzzy Hash: dad3917fea8e5338f06f947adc9f63f2ae6f6a50f052fc7e2ae525efdc15e522
Instruction Fuzzy Hash: D4D0A77240A38B6FDF13DB64A420454FF2B1D1744130901C7D803DF127EB308085C714

Uniqueness

Uniqueness Score: -1.00%

Function 03196F00, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction ID: b07be9c0257c4bcec83df1755bb688e6bfb70dc1c7677d965a37f1e6d8ef6de2
Opcode Fuzzy Hash: 9a0939ec5680cffb9ecca245d0aafbbebb033a67d769e75d7ec85179cdc98f5e
Instruction Fuzzy Hash: DED0423AA00004CFDB04CB88D5949D9F7F1EB88225F29C1A6D915A7251C732ED56CA60

Uniqueness

Uniqueness Score: -1.00%

Function 0319E7C8, Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12291302c77672b791667d47ea0bd3ebeae55431cac26ea688878d81c618c55c
Instruction ID: aa67fd9fdb072b2636077e1ca6323e5871311df93a8b9519964462b818eec634
Opcode Fuzzy Hash: 12291302c77672b791667d47ea0bd3ebeae55431cac26ea688878d81c618c55c
Instruction Fuzzy Hash: F6D0C731119214D79A1CD755D80446277699649621302456FE00B47910DBA2F8C0C7F2

Uniqueness

Uniqueness Score: -1.00%

Function 030523BC, Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.474869794.0000000003052000.00000040.00000001.sdmp, Offset: 03052000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c00c8e5a9ee5988310e6cd2b62e0c212e31fbdf74eb55ce844a217e926c8dbdf
Instruction ID: 909fc44dbbfe8bbec75f70cfa1669e06692a6aaea83aee4c23575d7f3c886510
Opcode Fuzzy Hash: c00c8e5a9ee5988310e6cd2b62e0c212e31fbdf74eb55ce844a217e926c8dbdf
Instruction Fuzzy Hash: 9CD05E342012818BC715DB0CC594F5A77D8AF51B00F0A48E8BC008B662C3A4D881C600

Uniqueness

Uniqueness Score: -1.00%

Function 06B30F30, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66f0a6e81d4b40344ca4cc34997ddaf117ae5cc3c964178ab983a8aa5e11549c
Instruction ID: ddde48ee7550bc234e146342097d6f0800f2425d7d4ce1a4631fc32c12991dcb
Opcode Fuzzy Hash: 66f0a6e81d4b40344ca4cc34997ddaf117ae5cc3c964178ab983a8aa5e11549c
Instruction Fuzzy Hash: 43D0123540A3849FEF12CF74D9D08567BB0EE073403A90CDBC0C0DE012D61462559721

Uniqueness

Uniqueness Score: -1.00%

Function 03197A36, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69e1ac797854fca84711feaa1521a77702592e36fb86e02efa866b982e893be4
Instruction ID: dc133ddc3805b6752ab1b12ed23fd473be9dc188b3314cb65b32ac8628a8bb5b
Opcode Fuzzy Hash: 69e1ac797854fca84711feaa1521a77702592e36fb86e02efa866b982e893be4
Instruction Fuzzy Hash: 78D01C34A20209CF9B11CFB2D91009D37E1AF0E220729062AD902AB394E3386D408B00

Uniqueness

Uniqueness Score: -1.00%

Function 03195478, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a937d7ccf191577b3c9e802a5a2518806d99befcfc5e4325ce3a64160cd081d
Instruction ID: 1e07dac5f93c11b1de9b8767b51639555e1960a43473cb70e7f2c8c0ac8842e1
Opcode Fuzzy Hash: 3a937d7ccf191577b3c9e802a5a2518806d99befcfc5e4325ce3a64160cd081d
Instruction Fuzzy Hash: C9D0C934005205CBEEA6B7AAA42D32D7A69A70AA0AB0941D2D0479281DEB284094C653

Uniqueness

Uniqueness Score: -1.00%

Function 03190180, Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9219e05b4ff234d08425fef961e1a512780f121603ca72117f418454dc03f60f
Instruction ID: a73f8599b3d4e30999103ee8306251571ae164132abe342b78c133c1ac937177
Opcode Fuzzy Hash: 9219e05b4ff234d08425fef961e1a512780f121603ca72117f418454dc03f60f
Instruction Fuzzy Hash: BED01230201309CFCB083BB0F0194183365AB49205300087DD80787758EF3BD840CA40

Uniqueness

Uniqueness Score: -1.00%

Function 03195B28, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d74dfbbacae1406eb6b201ac2d353ee058e78e0d26915aa09ebd010f58feed13
Instruction ID: eb72264b7c4824a718b944eb9c20eeaa83f6a6ce1aa69d8144c54510ea9f7e2b
Opcode Fuzzy Hash: d74dfbbacae1406eb6b201ac2d353ee058e78e0d26915aa09ebd010f58feed13
Instruction Fuzzy Hash: 8CC02B302022078FEE013FB0641D12E3BAF4F858093800056E80BDD008FF3C80000541

Uniqueness

Uniqueness Score: -1.00%

Function 0319C799, Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 33f8d2980600dec979c320a6a1bdc5f9b656b548d80e5526a2d5caa0062dfd0e
Instruction ID: a4c51ffc196e7da38c26882aa7e1395f0f923d99d39e756907ab1c170d5b4681
Opcode Fuzzy Hash: 33f8d2980600dec979c320a6a1bdc5f9b656b548d80e5526a2d5caa0062dfd0e
Instruction Fuzzy Hash: 3ED0123481A7C08FEF234F308998400BF72AE4B20431909DBE0C0CB267C1F9E440CB12

Uniqueness

Uniqueness Score: -1.00%

Function 03190660, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e477882158d4465dd5335c01b88238549da757cd15a242935cfa1ae0df86c4e2
Instruction ID: ab3e86a918a9505cc6657c32f9c00acabf37e14cd11f2dc48c5e0fbb9bccbdfe
Opcode Fuzzy Hash: e477882158d4465dd5335c01b88238549da757cd15a242935cfa1ae0df86c4e2
Instruction Fuzzy Hash: 05C02B31046304CFD71CA6741C0843572085ACC308300C433C40104014CB3254D1CC21

Uniqueness

Uniqueness Score: -1.00%

Function 03192CFB, Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e641731ccf8321ae6f87c6b3cdee0d12f9e343974989ef839e4d30929a11d8b4
Instruction ID: aeaef40b32f8250a41d35c56da8ef467ef63aac7691cfde82ed02cbd893d3788
Opcode Fuzzy Hash: e641731ccf8321ae6f87c6b3cdee0d12f9e343974989ef839e4d30929a11d8b4
Instruction Fuzzy Hash: 05C08030105109CFDF08EB34D48451C77E0FF482007114C1FD147C2518EB784C414701

Uniqueness

Uniqueness Score: -1.00%

Function 06B30FB0, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b41db702721e5c4b4fe0533c6c2e82d08bcb51c36cd66c13b896ee08e4e85fce
Instruction ID: 7cb180cafb985f272e58aafce3ea9530ad68259fc4cc8cd9891804eb149afa7c
Opcode Fuzzy Hash: b41db702721e5c4b4fe0533c6c2e82d08bcb51c36cd66c13b896ee08e4e85fce
Instruction Fuzzy Hash: AFB0126494670C47DD8073FCB00811C734C19848607804092991E47244BFB8A4144555

Uniqueness

Uniqueness Score: -1.00%

Function 03196F24, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction ID: 6b8af5f2b0d52bca51ca0ca488eab8fe5e88ad8cdd380a3daaebad8417daec6c
Opcode Fuzzy Hash: 9331830965d72d12fcbefa973c87c0cf332396a92bd300e1243d284f656f33ac
Instruction Fuzzy Hash: CAB092B7A04009CAEF00CA84B4413EDF720F794279F114023C31052000C33201A486A1

Uniqueness

Uniqueness Score: -1.00%

Function 03196360, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a65f3ecd138ee745e7d9e4843eed38ff234e6b83fae9e739f4f4a21c42968587
Instruction ID: 4ad373852aad4d88df407ae7f354bdb1387d0959b553d70411ce3382e60bc8f8
Opcode Fuzzy Hash: a65f3ecd138ee745e7d9e4843eed38ff234e6b83fae9e739f4f4a21c42968587
Instruction Fuzzy Hash: 1CB0922401F2869BC3428B545C208522E786C828083DE02EAA0A082A47D61A4A30D352

Uniqueness

Uniqueness Score: -1.00%

Function 03192EC0, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48e76eceb6a0c24d1ce70ffba8b98770457589804b286f8f9445f40fdf95d24d
Instruction ID: 6fb2235add88255e5cef2272b7e6653f1e651c529cb99833eafa8d9850519314
Opcode Fuzzy Hash: 48e76eceb6a0c24d1ce70ffba8b98770457589804b286f8f9445f40fdf95d24d
Instruction Fuzzy Hash: EAB0123020420C1F6B40A6B92848A12338C454440535404A1D80CC4404F724D0A02140

Uniqueness

Uniqueness Score: -1.00%

Function 0319D170, Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2913a651c002c877b1230cd01127e1c1e99c41442317b0f53a762c815f50ebac
Instruction ID: b58dcb32457679775ff9374e960af7ce2f0ee9308c90b67d4f5508fa00b9fe48
Opcode Fuzzy Hash: 2913a651c002c877b1230cd01127e1c1e99c41442317b0f53a762c815f50ebac
Instruction Fuzzy Hash: 4EB09B70005358D7D644E615E8454553A5CF55E5507811126F5014515DDB645D418696

Uniqueness

Uniqueness Score: -1.00%

Function 06B30F50, Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6f9eab13d990cfc57c08b10c5d4c1e3b0e162a443362101d912b80f52125c1db
Instruction ID: ca1510f84213de69e668884e81063e8be8476891a1492866a9ed9c7195866121
Opcode Fuzzy Hash: 6f9eab13d990cfc57c08b10c5d4c1e3b0e162a443362101d912b80f52125c1db
Instruction Fuzzy Hash: B6A0223CA00020CBAF00FB30E0800223222AB8E2003E0A0C288082C020CA382C000280

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 06B32054, Relevance: 6.4, Strings: 5, Instructions: 100COMMON

Download Yara Rule

Strings

m+o^, xrefs: 06B3209F
M+o^, xrefs: 06B32109
-+o^, xrefs: 06B3218C
]+o^, xrefs: 06B320D4
=+o^, xrefs: 06B3213E

Memory Dump Source

Source File: 0000000C.00000002.485508070.0000000006B30000.00000040.00000001.sdmp, Offset: 06B30000, based on PE: false

Similarity

API ID:
String ID: -+o^$=+o^$M+o^$]+o^$m+o^
API String ID: 0-2123857328
Opcode ID: f812895750e4b5155ae034ae4b32ce633d5495e88abbdfd9f6bd66f6cf67b400
Instruction ID: 11cd4081230c2edd0c048d8dbc68f7cff4326ccc2f90d8121788b444b0feebf2
Opcode Fuzzy Hash: f812895750e4b5155ae034ae4b32ce633d5495e88abbdfd9f6bd66f6cf67b400
Instruction Fuzzy Hash: 20413A35701201CFD749DF28E4141A87BE2EF8921936899ADE50A9F365DFB6EC47CB80

Uniqueness

Uniqueness Score: -1.00%

Function 03190D8C, Relevance: 5.3, Strings: 4, Instructions: 251COMMON

Download Yara Rule

Strings

,:ar, xrefs: 03190E38
X1ar, xrefs: 03190F1C
0`r, xrefs: 03190F8E
:@:r, xrefs: 031910CB

Memory Dump Source

Source File: 0000000C.00000002.475656229.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false

Similarity

API ID:
String ID: ,:ar$0`r$:@:r$X1ar
API String ID: 0-2614842347
Opcode ID: e220de23f3f263ed2f7976e649d498a0e4565e185425f7d85d854fd4cdc1edc5
Instruction ID: 6da00c31adc36975cb7ccb32aa8b37b75560bd28653209cb225706498114cf8c
Opcode Fuzzy Hash: e220de23f3f263ed2f7976e649d498a0e4565e185425f7d85d854fd4cdc1edc5
Instruction Fuzzy Hash: 4BB19870A09344CFD3A4DF788160B6ABBE2FB99704F14996EE5498B394EF759841CB02

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: dhcpmon.exe PID: 6744 Parent PID: 3388 dhcpmon.exeCOMMON

Executed Functions

Function 029B0DD0, Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c3e18a222d0faec51366f7c451e9a202c6c730ad7e4d21c8601c1e7ed3e55d19
Instruction ID: 57582d507a5b2c6f6b6645af05816acd0f96be37621416ac34505a4ead195d29
Opcode Fuzzy Hash: c3e18a222d0faec51366f7c451e9a202c6c730ad7e4d21c8601c1e7ed3e55d19
Instruction Fuzzy Hash: E1210671B042449FDB44EBBCC810AAE3FAAAFC5710B1040AAD616DB7D5CF708C06C7A2

Uniqueness

Uniqueness Score: -1.00%

Function 029B0120, Relevance: 1.4, Strings: 1, Instructions: 186COMMON

Download Yara Rule

Strings

:@:r, xrefs: 029B02C5

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID: :@:r
API String ID: 0-1441432688
Opcode ID: b625c8bd8a17425e90f31150a181f1159770efd854267c67da29d8f62bfc0cc9
Instruction ID: 6c4028ff0a364774c84be57fef141beb33637bc19a4a9eea88bd127e1a260d83
Opcode Fuzzy Hash: b625c8bd8a17425e90f31150a181f1159770efd854267c67da29d8f62bfc0cc9
Instruction Fuzzy Hash: B2715731A00241DFCB19EB68D458BAE7BE7AF88340F148469E806CB3A5CF71DD80CB91

Uniqueness

Uniqueness Score: -1.00%

Function 029B0818, Relevance: .4, Instructions: 358COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31a4bce0d64a4f5fcef1e15ed5770bd7e58614dc59e806b1870e429ff6a004a9
Instruction ID: ee4b987cb1c5aff746a396000f5089a94bb7bd147e8f607ef08563531d2db359
Opcode Fuzzy Hash: 31a4bce0d64a4f5fcef1e15ed5770bd7e58614dc59e806b1870e429ff6a004a9
Instruction Fuzzy Hash: 41E14831200652DFDB19DF60DA84B6F77A6BFC4308B24C92DC5568B399DB71E842CB92

Uniqueness

Uniqueness Score: -1.00%

Function 029B06F8, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 707695edeb263103ff8dd418990bc08c2770f955c9ab718dae859952008633d2
Instruction ID: 9fe4e877551230ff64f5c9f00c43c08a0afe2f199e656b5c9641c33e5c0f279d
Opcode Fuzzy Hash: 707695edeb263103ff8dd418990bc08c2770f955c9ab718dae859952008633d2
Instruction Fuzzy Hash: 5521EB303012118FCB59AF7CD058A6E3AE6AFC5305B1104BAE40ACF7A1EE76DC858796

Uniqueness

Uniqueness Score: -1.00%

Function 029B06F7, Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c5c6616f65a973db5d2b9e3f84d1f1a798a63783d9e409b3cea1f052c654dd9
Instruction ID: e9b8eceed0336292d58b61d09f823980b1056245bce4dea2edbee111b9362fc9
Opcode Fuzzy Hash: 8c5c6616f65a973db5d2b9e3f84d1f1a798a63783d9e409b3cea1f052c654dd9
Instruction Fuzzy Hash: A321ED307012118FCB59AF7CD058A6E3AE6AFC5305B1504BED406CF7A1EE76DC858B95

Uniqueness

Uniqueness Score: -1.00%

Function 02A105CF, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250377039.0000000002A10000.00000040.00000040.sdmp, Offset: 02A10000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f3a97ccb86e185c8a57de3e0d01b283c740734fc47e26f787142f3a1a46d758f
Instruction ID: 4f3c7682cc6406ed540121d354c52881bfd1faa7ab212d4dc3c81b5d9e826c6e
Opcode Fuzzy Hash: f3a97ccb86e185c8a57de3e0d01b283c740734fc47e26f787142f3a1a46d758f
Instruction Fuzzy Hash: 9601FEB25097805FD7028F06DC44862FFF8EF46620708C0DFED498B612E1756905CB71

Uniqueness

Uniqueness Score: -1.00%

Function 029B011B, Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 813093c8da7eb724acf663511017e9b9abce7c84b0119233bf5d40b0ca513546
Instruction ID: d639e9277d88bf0e19b17ed80c43fb3b4f84fa998a675820482df44211928256
Opcode Fuzzy Hash: 813093c8da7eb724acf663511017e9b9abce7c84b0119233bf5d40b0ca513546
Instruction Fuzzy Hash: 0A018170904298EFEB2A8B75C9597FF7FB1AF84300F14451AD402A62A0CF750A44CB91

Uniqueness

Uniqueness Score: -1.00%

Function 02A105F6, Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250377039.0000000002A10000.00000040.00000040.sdmp, Offset: 02A10000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c7ee3cafad25908931dbbaad1f6a5c8a5b132cf589eb790c5f322f8f2dd7835
Instruction ID: e2a61391f4dd1b07585e3f379e22b5d851158d415932430c5e1c75465d5292e8
Opcode Fuzzy Hash: 2c7ee3cafad25908931dbbaad1f6a5c8a5b132cf589eb790c5f322f8f2dd7835
Instruction Fuzzy Hash: 3DE092B66406009BD750DF0BEC81452FBD8EB88630B18C07FDD0D8B701E175B508CEA5

Uniqueness

Uniqueness Score: -1.00%

Function 029B00CB, Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a847a4945aef8ac9ba023e9094fde30b6018f681b134bbe6bd13ab4ca4109698
Instruction ID: f094a081dfaa42aab42b6b4f73dd989894111cdafcc74355e1eac5090effdc28
Opcode Fuzzy Hash: a847a4945aef8ac9ba023e9094fde30b6018f681b134bbe6bd13ab4ca4109698
Instruction Fuzzy Hash: 6BE0E5B5E09249AF8F50DFB999456EFBFF4EA48250F20456AD509E3201E3350615CFE1

Uniqueness

Uniqueness Score: -1.00%

Function 029B00D0, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8597762bc8d21cf8724f570e3ef83662a89969cbd75da30c8cc15ed87eacbce
Instruction ID: 20af97f7cec25a4f19b4bbcd21a7db83268913d6f531420d88f89ad38f95827b
Opcode Fuzzy Hash: a8597762bc8d21cf8724f570e3ef83662a89969cbd75da30c8cc15ed87eacbce
Instruction Fuzzy Hash: 99E09AB1D0525D9F8F40DFB999456DFBFF8FA48250F104466D508E3200E3355611CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 029B0F08, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 054a65384ef7036c18bb95947e68af1f8cc134786fe7de944803acf00707666e
Instruction ID: bbb62985f81cb3a9a26776a0f230a9bc7c9e57fa9016f836c8be1aef244d4168
Opcode Fuzzy Hash: 054a65384ef7036c18bb95947e68af1f8cc134786fe7de944803acf00707666e
Instruction Fuzzy Hash: 2DE01A367101108FC344FB6CE844A9A37EBAFC936171045A6D819D7369DA72AC44CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 029B0F07, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 463126a647b89496e286c2ae5c5f5a2cb7e1fd73d6c94ffe50652120b0e9457f
Instruction ID: afefdcbf77db6783ab17076c03c848b4806a777391dc18216fbfbf5df4c2642b
Opcode Fuzzy Hash: 463126a647b89496e286c2ae5c5f5a2cb7e1fd73d6c94ffe50652120b0e9457f
Instruction Fuzzy Hash: 33E092367000108FC300EB7CE444A9A3BE7AFC831171041ABD809D7365CA719C04CBA0

Uniqueness

Uniqueness Score: -1.00%

Function 029B03C5, Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 195d39571741681f7556f22d8193b2ba9589fa4be1fb63d95f3a95aff53706b3
Instruction ID: 80e7c4f81a0550bb1e1b578ac1d7a840118fd03d45360b2fe2654936357cdcd9
Opcode Fuzzy Hash: 195d39571741681f7556f22d8193b2ba9589fa4be1fb63d95f3a95aff53706b3
Instruction Fuzzy Hash: EBF0C970A40265DFEB15ABB8C65C7EE7FF1AF88314F14055AD403A72A0DFB44984CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 029B0DC0, Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32ee2725ce531d24616de5d3fc5fb6afb85f6888eea98f8bc2887671a3363f2c
Instruction ID: 5937422e9bb1f1ab165c74dde19544329f04bf1b075a861aaf9934ab5463c4e4
Opcode Fuzzy Hash: 32ee2725ce531d24616de5d3fc5fb6afb85f6888eea98f8bc2887671a3363f2c
Instruction Fuzzy Hash: 88E086316082009FC7145BB8D9056DA7BB4EF07310F0040E6E9418B2B2CB769C19C7D3

Uniqueness

Uniqueness Score: -1.00%

Function 029B0D98, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9122977985b07b1f2c9f503e53d9c8c61a702549687761be664fd3497fd2efae
Instruction ID: 9db0d5e40294e3d3cc04efa2fa0f766357da4a5fbc810d723af6c25dda335ed9
Opcode Fuzzy Hash: 9122977985b07b1f2c9f503e53d9c8c61a702549687761be664fd3497fd2efae
Instruction Fuzzy Hash: ABC012722046244BC3086F99F84055ABB9D9684671351042AD50A87751DEA0AC5087D9

Uniqueness

Uniqueness Score: -1.00%

Function 029B0D97, Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.250096357.00000000029B0000.00000040.00000001.sdmp, Offset: 029B0000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73d9dea101500b59464c2860de6b16be8062e92f3d114568f1a9c68ca8988ce2
Instruction ID: 488563314d6adeab0a86261480d530431dbca63f6f5e022a3990e26e4ca4a44c
Opcode Fuzzy Hash: 73d9dea101500b59464c2860de6b16be8062e92f3d114568f1a9c68ca8988ce2
Instruction Fuzzy Hash: BFD022322086204FC3089FA8B8404AEBFA59A84360321042ED00BC3761CAA04C40CB84

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify access tokens to operate under a different user or system security context to perform actions and bypass access controls. Windows uses access tokens to determine the ownership of a running process. A user can manipulate access tokens to make a running process appear as though it is the child of a different process or belongs to someone other than the user that started the process. When this occurs, the process also takes on the security context associated with the new token.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, Access tokens, Authentication logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may set files and directories to be hidden to evade detection mechanisms. To prevent normal users from accidentally changing special files on a system, most operating systems have the concept of a ‘hidden’ file. These files don’t show up when a user browses the file system with a GUI or when using normal commands on the command line. Users must explicitly ask to show the hidden files either via a series of Graphical User Interface (GUI) prompts or with command line switches ( `dir /a` for Windows and `ls –a` for Linux and macOS).
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report wDIaJji4Vv.exe

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: NanoCore

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Software Vulnerabilities:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Boot Survival:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Network Behavior

Snort IDS Alerts

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may use legitimate desktop support and remote access software, such as Team Viewer, Go2Assist, LogMein, AmmyyAdmin, etc, to establish an interactive command and control channel to target systems within networks. These services are commonly used as legitimate technical support software, and may be allowed by application control within a target environment. Remote access tools like VNC, Ammyy, and Teamviewer are used frequently when compared with other legitimate software commonly used by adversaries.
Tactics:	Command and Control
Data Sources:	Network intrusion detection system, Network protocol analysis, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre